Univention Bugzilla – Bug 53443
libwebp: Multiple issues (5.0)
Last modified: 2021-09-28 18:25:21 CEST
New Debian libwebp 0.6.1-2+deb10u1 fixes:

This update addresses the following issues:
* out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
* out-of-bounds read in ApplyFilter() (CVE-2018-25010)
* heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* out-of-bounds read in ShiftBytes() (CVE-2018-25013)
* use of uninitialized value in ReadSymbol() (CVE-2018-25014)
* heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)
* out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
* out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
* extreme memory allocation when reading a file (CVE-2020-36332)
*** This bug has been marked as a duplicate of bug 53441 ***