SciLinux: SLSA-2021-2260-1 Important: libwebp on SL7.x x86_64 | Li...

What Are You Looking For?

Popular Tags

Contribute
Synopsis:          Important: libwebp security update
Advisory ID:       SLSA-2021:2260-1
Issue Date:        2021-06-07
CVE Numbers:       CVE-2020-36328
                   CVE-2020-36329
                   CVE-2018-25011
--

Security Fix(es):

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)

* libwebp: heap-based buffer overflow in WebPDecode*Into functions
(CVE-2020-36328)

* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
(CVE-2020-36329)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE


---
SL7
 x86_64
 - libwebp-0.3.0-10.el7_9.i686.rpm
 - libwebp-0.3.0-10.el7_9.x86_64.rpm
 - libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm
 - libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm
 - libwebp-devel-0.3.0-10.el7_9.i686.rpm
 - libwebp-devel-0.3.0-10.el7_9.x86_64.rpm
 - libwebp-java-0.3.0-10.el7_9.x86_64.rpm
 - libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
--

- Scientific Linux Development Team

SciLinux: SLSA-2021-2260-1 Important: libwebp on SL7.x x86_64

libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011) * libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328) * libwebp: use-after-free in E...

Summary

Important: libwebp security update



Security Fixes

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

SL7 x86_64 - libwebp-0.3.0-10.el7_9.i686.rpm - libwebp-0.3.0-10.el7_9.x86_64.rpm - libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm - libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm - libwebp-devel-0.3.0-10.el7_9.i686.rpm - libwebp-devel-0.3.0-10.el7_9.x86_64.rpm - libwebp-java-0.3.0-10.el7_9.x86_64.rpm - libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2021:2260-1
Issued Date: : 2021-06-07
CVE Numbers: CVE-2020-36328
CVE-2020-36329
CVE-2018-25011

Related News

New TPM 2.0 Flaws Could Let Hackers Steal Cryptographic Keys

Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution

Developer Survey Paints Software Landscape

News

Advisories

HOWTOs

Features

ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
ZeroLock: How to Defend Against Ransomware on Linux

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy