CVE-2018-6548
- Source
- https://cve.org/CVERecord?id=CVE-2018-6548
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6548.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-6548
- Downstream
- Published
- 2018-02-02T09:29:00.850Z
- Modified
- 2025-11-14T08:56:07.461297Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.
- References
Affected packages
Git / github.com/webmproject/libwebm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webmproject/libwebm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
libwebm-1.*
libwebm-1.0.0.10
libwebm-1.0.0.11
libwebm-1.0.0.12
libwebm-1.0.0.13
libwebm-1.0.0.14
libwebm-1.0.0.15
libwebm-1.0.0.16
libwebm-1.0.0.17
libwebm-1.0.0.18
libwebm-1.0.0.19
libwebm-1.0.0.2
libwebm-1.0.0.20
libwebm-1.0.0.21
libwebm-1.0.0.22
libwebm-1.0.0.23
libwebm-1.0.0.24
libwebm-1.0.0.25
libwebm-1.0.0.26
libwebm-1.0.0.27
libwebm-1.0.0.3
libwebm-1.0.0.4
libwebm-1.0.0.5
libwebm-1.0.0.6
libwebm-1.0.0.7
libwebm-1.0.0.8
libwebm-1.0.0.9