
openSUSE: 2021:1860-1 Critical: libwebp Heap Overflow Fix

July 10, 2021
This security update addresses 10 critical vulnerabilities in the libwebp library for openSUSE. Follow the update steps to secure your systems.
An update that fixes 10 vulnerabilities is now available.

Description

This update for libwebp fixes the following issues:

- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).

- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).

- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).

- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).

- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).

- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).

- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).

- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).

- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).

- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1860=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

libwebp6-0.5.0-3.5.1

libwebp6-debuginfo-0.5.0-3.5.1

libwebpdecoder2-0.5.0-3.5.1

libwebpdecoder2-debuginfo-0.5.0-3.5.1

libwebpextras0-0.5.0-3.5.1

libwebpextras0-debuginfo-0.5.0-3.5.1

libwebpmux2-0.5.0-3.5.1

libwebpmux2-debuginfo-0.5.0-3.5.1

- openSUSE Leap 15.3 (x86_64):

libwebp6-32bit-0.5.0-3.5.1

libwebp6-32bit-debuginfo-0.5.0-3.5.1

libwebpdecoder2-32bit-0.5.0-3.5.1

libwebpdecoder2-32bit-debuginfo-0.5.0-3.5.1

libwebpextras0-32bit-0.5.0-3.5.1

libwebpextras0-32bit-debuginfo-0.5.0-3.5.1

libwebpmux2-32bit-0.5.0-3.5.1

libwebpmux2-32bit-debuginfo-0.5.0-3.5.1
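
To confirm that a host actually carries the fixed build from the package list above, the following check compares installed libwebp packages against 0.5.0-3.5.1. It is an added example, not part of the SUSE advisory; the function names, the constructed sample inventory, and the use of GNU `sort -V` in place of RPM's own version comparison are assumptions.

```sh
#!/bin/sh
# Added example: flag installed libwebp packages older than the fixed build.
FIXED="0.5.0-3.5.1"   # version-release taken from the advisory's package list

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison,
# which is adequate for purely numeric dotted strings such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_libwebp: reads "name version-release" lines on stdin, prints every
# libwebp package below FIXED, and returns 1 if any was found.
check_libwebp() {
    rc=0
    while read -r name vr; do
        case "$name" in
            libwebp6*|libwebpdecoder2*|libwebpextras0*|libwebpmux2*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (< $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed inventory (not real host data): one stale package, two patched,
# one unrelated package that must be ignored.
sample_inventory() {
    printf '%s\n' \
        'libwebp6 0.5.0-3.2.1' \
        'libwebpdecoder2 0.5.0-3.5.1' \
        'libwebpmux2-32bit 0.5.0-3.5.1' \
        'zlib 1.2.11-3.21.1'
}

# On a live system, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libwebp*' | check_libwebp
if sample_inventory | check_libwebp; then
    echo "libwebp packages are at or above $FIXED"
else
    echo "update required: run zypper patch"
fi
```

Processes that loaded the old library before the update keep using it until they restart, so restart long-running services that decode WebP images after patching.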

References

https://www.suse.com/security/cve/CVE-2018-25009.html

https://www.suse.com/security/cve/CVE-2018-25010.html

https://www.suse.com/security/cve/CVE-2018-25011.html

https://www.suse.com/security/cve/CVE-2018-25012.html

https://www.suse.com/security/cve/CVE-2018-25013.html

https://www.suse.com/security/cve/CVE-2020-36328.html

https://www.suse.com/security/cve/CVE-2020-36329.html

https://www.suse.com/security/cve/CVE-2020-36330.html

https://www.suse.com/security/cve/CVE-2020-36331.html

https://www.suse.com/security/cve/CVE-2020-36332.html

https://bugzilla.suse.com/1185652

https://bugzilla.suse.com/1185654

https://bugzilla.suse.com/1185673

https://bugzilla.suse.com/1185674

https://bugzilla.suse.com/1185685

https://bugzilla.suse.com/1185686

https://bugzilla.suse.com/1185688

https://bugzilla.suse.com/1185690

https://bugzilla.suse.com/1185691

https://bugzilla.suse.com/1186247

Severity
critical

Announcement ID: openSUSE-SU-2021:1860-1
Rating: critical
Affected Products: openSUSE Leap 15.3
