Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 16.04 LTS: USN-6078-2 Critical: libwebp Denial of Service

ubuntu
Calendar Grey July 18, 2023
Dist Ubuntu Esm H88
A vulnerability in libwebp impacts Ubuntu 16.04 LTS, enabling potential code execution or system crashes when processing maliciously designed files.
libwebp could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

libwebp could be made to crash or run programs as your login if it opened a

specially crafted file.

Software Description:

- libwebp: Lossy compression of digital photographic images.

Details:

USN-6078-1 fixed a vulnerability in libwebp. This update

provides the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

 Irvan Kurniawan discovered that libwebp incorrectly handled certain memory

 operations. If a user or automated system were tricked into opening a

 specially crafted image file, a remote attacker could use this issue to

 cause libwebp to crash, resulting in a denial of service, or possibly

 execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libwebp5                           0.4.4-1ubuntu0.1~esm2
   libwebpdemux1                0.4.4-1ubuntu0.1~esm2
   libwebpmux1                    0.4.4-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6078-2

 

  CVE-2023-1999

Severity
critical
Lowest
Low
Medium
High
Critical

July 18, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.