openSUSE-SU-2021:1860-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1860-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:1860-1

Related

Published

2021-07-10T18:55:42Z

Modified

2021-07-10T18:55:42Z

Summary

Security update for libwebp

Details

This update for libwebp fixes the following issues:

CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).

References

Affected packages

openSUSE:Leap 15.3 / libwebp

Package

Name: libwebp
Purl: pkg:rpm/opensuse/libwebp&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.0-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libwebp6": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1",
            "libwebpextras0-32bit": "0.5.0-3.5.1",
            "libwebpmux2-32bit": "0.5.0-3.5.1",
            "libwebp6-32bit": "0.5.0-3.5.1",
            "libwebpdecoder2-32bit": "0.5.0-3.5.1"
        }
    ]
}