CVE-2020-36328
- Source
- https://cve.org/CVERecord?id=CVE-2020-36328
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36328.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-36328
- Downstream
- Related
- Published
- 2021-05-21T17:15:08.270Z
- Modified
- 2026-02-12T07:33:28.695805Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- References
-
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://bugzilla.redhat.com/show_bug.cgi?id=1956829
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://security.netapp.com/advisory/ntap-20211112-0001/
- https://support.apple.com/kb/HT212601
- https://www.debian.org/security/2021/dsa-4930
- https://bugzilla.redhat.com/show_bug.cgi?id=1956829
- https://bugzilla.redhat.com/show_bug.cgi?id=1956829
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
Affected packages
Git / github.com/webmproject/libwebp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webmproject/libwebp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.2
v0.1.3
v0.1.99
v0.2.0
v0.2.0-rc1
v0.2.1
v0.3.0
v0.3.0-rc6
v0.3.0-rc7
v0.3.1
v0.3.1-rc1
v0.3.1-rc2
v0.4.0
v0.4.0-rc1
v0.4.1
v0.4.1-rc1
v0.5.0
v0.5.0-rc1
v0.5.1
v0.5.1-rc5
v0.5.2
v0.5.2-rc2
v0.6.0
v0.6.0-rc2
v0.6.0-rc3
v0.6.1
v0.6.1-rc2
v1.*
v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3