SUSE-SU-2021:1860-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211860-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1860-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:1860-1
Published
2021-06-04T07:04:48Z
Modified
2021-06-04T07:04:48Z
Summary
Security update for libwebp
Details

This update for libwebp fixes the following issues:

  • CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
  • CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
  • CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
  • CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
  • CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
  • CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
  • CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
  • CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
  • CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
  • CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP2 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp6-32bit": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP3 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp6-32bit": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Manager Proxy 4.0 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Proxy%204.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.0 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Manager Server 4.0 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Server%204.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP2 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp6": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP3 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp6": "0.5.0-3.5.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/suse/libwebp&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebpdemux2": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebp-devel": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1"
        }
    ]
}