CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "14.7"
                }
            ],
            "vendor_product": "apple:ipados"
        },
        {
            "cpes": [
                "cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "14.7"
                }
            ],
            "vendor_product": "apple:iphone_os"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                },
                {
                    "last_affected": "10.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux"
        }
    ]
}

References

Affected packages

Git / github.com/webmproject/libwebp

Affected ranges

Type

GIT

Repo

https://github.com/webmproject/libwebp

Events

Introduced

Fixed

e85d3313d6d52b1e9c6c181b488fc0831a747de8

Database specific

{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.1"
        }
    ]
}

Affected versions

v0.*

v0.1.2

v0.1.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36328.json"