CLSA-2026-1777974224
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777974224.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1777974224
- Upstream
- Published
- 2026-05-05T23:41:05Z
- Modified
- 2026-05-27T11:18:21.571781963Z
- Summary
- libwebp: Fix of 6 CVEs
- Details
-
- CVE-2018-25009: fix out-of-bounds read in GetLE16() by validating VP8X chunk size
- CVE-2018-25010: fix heap-based buffer overflow in ApplyFilter() by limiting filter radius to image dimensions
- CVE-2018-25011: fix heap-based buffer overflow in PutLE16() by rejecting multiple image chunks in ANMF frames
- CVE-2018-25012: fix out-of-bounds read in GetLE24() by validating VP8X chunk size
- CVE-2018-25013: fix heap-based buffer overflow in ShiftBytes() by synchronizing threads in DecodeRemaining
- CVE-2018-25014: fix use of uninitialized value in ReadSymbol() by validating decoder readiness and synchronizing threads
- References
Affected packages
TuxCare:CentOS:6 / libwebp
Package
- Name
- libwebp
- Purl
- pkg:rpm/tuxcare/libwebp?distro=centos-6
TuxCare:CentOS:6 / libwebp-devel
Package
- Name
- libwebp-devel
- Purl
- pkg:rpm/tuxcare/libwebp-devel?distro=centos-6
TuxCare:CentOS:6 / libwebp-java
Package
- Name
- libwebp-java
- Purl
- pkg:rpm/tuxcare/libwebp-java?distro=centos-6