openSUSE-SU-2021:1860-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1860-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:1860-1
Upstream
Related
Published
2021-07-10T18:55:42Z
Modified
2025-05-08T17:45:28.057991Z
Summary
Security update for libwebp
Details

This update for libwebp fixes the following issues:

  • CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
  • CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
  • CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
  • CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
  • CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
  • CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
  • CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
  • CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
  • CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
  • CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
References

Affected packages

openSUSE:Leap 15.3 / libwebp

Package

Name
libwebp
Purl
pkg:rpm/opensuse/libwebp&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.0-3.5.1

Ecosystem specific 

{
    "binaries": [
        {
            "libwebpmux2-32bit": "0.5.0-3.5.1",
            "libwebpextras0": "0.5.0-3.5.1",
            "libwebp6": "0.5.0-3.5.1",
            "libwebpdecoder2-32bit": "0.5.0-3.5.1",
            "libwebp6-32bit": "0.5.0-3.5.1",
            "libwebpextras0-32bit": "0.5.0-3.5.1",
            "libwebpdecoder2": "0.5.0-3.5.1",
            "libwebpmux2": "0.5.0-3.5.1"
        }
    ]
}