Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2021:1830-1 Severe: libwebp Heap Overflow Vulnerability Alert

suse
Calendar Grey June 2, 2021
Dist Suse Esm H88
Essential patch for libwebp addresses several buffer overflow vulnerabilities on SUSE platforms. Prompt response recommended.
An update that fixes 9 vulnerabilities is now available

Summary

This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).

Topics%20covered

Topics Covered

security advisory buffer overflow critical patch heap overflow SUSE libwebp

References

#1185652 #1185654 #1185673 #1185674 #1185685

#1185686 #1185690 #1185691 #1186247

Cross- CVE-2018-25009 CVE-2018-25010 CVE-2018-25011

CVE-2018-25012 CVE-2018-25013 CVE-2020-36329

CVE-2020-36330 CVE-2020-36331 CVE-2020-36332

CVSS scores:

CVE-2018-25009 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2018-25009 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2018-25010 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2018-25010 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2018-25011 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-25011 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-25012 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:1830-1
Rating: critical

Topics%20covered

Topics Covered

security advisory buffer overflow critical patch heap overflow SUSE libwebp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here