Univention Bugzilla – Bug 53410
libwebp: Multiple issues (4.4)
Last modified: 2021-06-09 18:27:47 CEST
New Debian libwebp 0.5.2-1+deb9u1 fixes: This update addresses the following issues:

* out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
* out-of-bounds read in ApplyFilter() (CVE-2018-25010)
* heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)
* out-of-bounds read in ShiftBytes() (CVE-2018-25013)
* use of uninitialized value in ReadSymbol() (CVE-2018-25014)
* heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)
* out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
* out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libwebp_0.5.2-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libwebp_0.5.2-1+deb9u1.dsc @@ -1,3 +1,25 @@ +0.5.2-1+deb9u1 [Sat, 05 Jun 2021 17:46:10 +0200] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix read-overflow while parsing VP8X chunk. + CVE-2018-25009 + * Fix alpha-filtering crash when image width is larger than radius. + CVE-2018-25010 + * muxread,anmf: fail on multiple image chunks. + CVE-2018-25011 + * Fix VP8IoTeardownHook being called twice on worker sync failure. + CVE-2018-25012 + * Fix out-of-bounds read in ShiftBytes. + CVE-2018-25013, CVE-2018-25014 + * Fix invalid check for buffer size + CVE-2020-36328 + * Fix thread race heap-use-after-free + CVE-2020-36329 + * Fix heap-buffer-overflow in ChunkVerifyAndAssign. + CVE-2020-36330 + * Validate chunk_size muxread. + CVE-2020-36331 + 0.5.2-1 [Tue, 03 Jan 2017 11:00:36 -0800] Jeff Breidenbach <jab@debian.org>: * New upstream release <http://piuparts.knut.univention.de/4.4-8/#996787717215961885>
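Review bot: the changelog bullet "Fix out-of-bounds read in ShiftBytes." lists both CVE-2018-25013 and CVE-2018-25014, but the bug description above attributes CVE-2018-25014 to a use of uninitialized value in ReadSymbol(), not to ShiftBytes; give CVE-2018-25014 its own bullet naming ReadSymbol() so the changelog matches the advisory text. Minor style: "Fix invalid check for buffer size" and "Fix thread race heap-use-after-free" lack the trailing period the other bullets use.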
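The two muxread entries above (CVE-2020-36330, CVE-2020-36331) both come down to a chunk size read from the file being used before it is checked against the bytes actually present. The following is an added illustration of that check, not libwebp's own code: a minimal bounds-checked walk over the chunks of a RIFF/WEBP container, with constructed sample inputs (the function and constant names are mine).

```c
/* Added example, not libwebp code: validate every chunk_size against the
 * remaining bytes before using it to advance through the buffer. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHUNK_HEADER_SIZE 8   /* 4-byte FourCC + 4-byte little-endian size */
#define RIFF_HEADER_SIZE  12  /* "RIFF" + size + "WEBP" */

static uint32_t get_le32(const uint8_t* p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of well-formed chunks, or -1 if the container or any
 * chunk's declared size would reach past the end of the buffer. */
int webp_count_chunks(const uint8_t* data, size_t size) {
    if (size < RIFF_HEADER_SIZE || memcmp(data, "RIFF", 4) != 0 ||
        memcmp(data + 8, "WEBP", 4) != 0) return -1;
    size_t riff_size = get_le32(data + 4);    /* bytes after the 8-byte RIFF header */
    if (riff_size < 4 || riff_size > size - 8) return -1;
    size_t end = 8 + riff_size, off = RIFF_HEADER_SIZE;
    int count = 0;
    while (off < end) {
        if (end - off < CHUNK_HEADER_SIZE) return -1;   /* truncated chunk header */
        size_t chunk_size = get_le32(data + off + 4);
        /* Subtract first so a huge chunk_size cannot wrap the arithmetic. */
        size_t avail = end - off - CHUNK_HEADER_SIZE;
        if (chunk_size > avail) return -1;               /* would read out of bounds */
        size_t padded = chunk_size + (chunk_size & 1);   /* RIFF pads to even length */
        if (padded > avail) return -1;
        off += CHUNK_HEADER_SIZE + padded;
        ++count;
    }
    return count;
}

/* Constructed sample: one 4-byte VP8L chunk (RIFF size 16, 24-byte file). */
static const uint8_t kGood[] = {
    'R','I','F','F', 16,0,0,0, 'W','E','B','P',
    'V','P','8','L', 4,0,0,0, 1,2,3,4 };
/* Same file, but the chunk claims 0x7FFFFFFF bytes and must be rejected. */
static const uint8_t kBad[] = {
    'R','I','F','F', 16,0,0,0, 'W','E','B','P',
    'V','P','8','L', 0xFF,0xFF,0xFF,0x7F, 1,2,3,4 };

int check_good(void) { return webp_count_chunks(kGood, sizeof kGood); }
int check_bad(void)  { return webp_count_chunks(kBad,  sizeof kBad); }
```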
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x991>