SUSE-SU-2021:1830-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211830-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1830-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:1830-1
Published
2021-06-02T12:23:27Z
Modified
2021-06-02T12:23:27Z
Summary
Security update for libwebp
Details

This update for libwebp fixes the following issues:

  • CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
  • CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
  • CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
  • CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
  • CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
  • CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
  • CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
  • CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
  • CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Affected packages

SUSE:HPE Helion OpenStack 8 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpmux1": "0.4.3-4.7.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp-devel": "0.4.3-4.7.1",
            "libwebpmux1": "0.4.3-4.7.1",
            "libwebpdecoder1": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.3-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp5-32bit": "0.4.3-4.7.1",
            "libwebpdemux1": "0.4.3-4.7.1",
            "libwebp5": "0.4.3-4.7.1"
        }
    ]
}