Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-36330 (GCVE-0-2020-36330)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:19 – Updated: 2024-08-04 17:23
VLAI
EPSS
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1956853 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4930 | vendor-advisoryx_refsource_DEBIAN |
| https://support.apple.com/kb/HT212601 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2021/Jul/54 | mailing-listx_refsource_FULLDISC |
| https://security.netapp.com/advisory/ntap-2021110… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:10.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-04T08:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://support.apple.com/kb/HT212601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-36330",
"datePublished": "2021-05-21T16:19:44.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-36330",
"date": "2026-05-25",
"epss": "0.00402",
"percentile": "0.60969"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.1\", \"matchCriteriaId\": \"97062C06-0227-489B-8E3C-B62050B69C41\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.7\", \"matchCriteriaId\": \"3B5771AF-0A7B-4CB9-85C1-AE624498D080\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.7\", \"matchCriteriaId\": \"D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en libwebp en versiones anteriores a 1.0.1.\u0026#xa0;Se encontr\\u00f3 una lectura fuera de l\\u00edmites en la funci\\u00f3n ChunkVerifyAndAssign.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del servicio\"}]",
"id": "CVE-2020-36330",
"lastModified": "2024-11-21T05:29:18.130",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-05-21T17:15:08.353",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2021/Jul/54\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1956853\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211104-0004/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212601\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4930\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2021/Jul/54\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1956853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211104-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-36330\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-05-21T17:15:08.353\",\"lastModified\":\"2024-11-21T05:29:18.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en libwebp en versiones anteriores a 1.0.1.\u0026#xa0;Se encontr\u00f3 una lectura fuera de l\u00edmites en la funci\u00f3n ChunkVerifyAndAssign.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1\",\"matchCriteriaId\":\"97062C06-0227-489B-8E3C-B62050B69C41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.7\",\"matchCriteriaId\":\"3B5771AF-0A7B-4CB9-85C1-AE624498D080\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.7\",\"matchCriteriaId\":\"D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Jul/54\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1956853\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211104-0004/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212601\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4930\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Jul/54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1956853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211104-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-562
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 2021-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 2021-005",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30784"
},
{
"name": "CVE-2021-30799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30799"
},
{
"name": "CVE-2021-30672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30672"
},
{
"name": "CVE-2021-30765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30765"
},
{
"name": "CVE-2021-30731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30731"
},
{
"name": "CVE-2021-30792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30792"
},
{
"name": "CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"name": "CVE-2021-30787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30787"
},
{
"name": "CVE-2021-30782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30782"
},
{
"name": "CVE-2021-30800",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30800"
},
{
"name": "CVE-2021-30733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30733"
},
{
"name": "CVE-2021-30766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30766"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2021-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30774"
},
{
"name": "CVE-2021-30778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30778"
},
{
"name": "CVE-2021-30763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30763"
},
{
"name": "CVE-2021-30776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30776"
},
{
"name": "CVE-2021-30677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
},
{
"name": "CVE-2021-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30775"
},
{
"name": "CVE-2021-30789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30789"
},
{
"name": "CVE-2021-30759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30759"
},
{
"name": "CVE-2018-25010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25010"
},
{
"name": "CVE-2021-30748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30748"
},
{
"name": "CVE-2021-30796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30796"
},
{
"name": "CVE-2021-30791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30791"
},
{
"name": "CVE-2021-30770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30770"
},
{
"name": "CVE-2021-30797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30797"
},
{
"name": "CVE-2021-30788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30788"
},
{
"name": "CVE-2021-30790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30790"
},
{
"name": "CVE-2021-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30703"
},
{
"name": "CVE-2021-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30772"
},
{
"name": "CVE-2021-30781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30781"
},
{
"name": "CVE-2021-30773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30773"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2021-30758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30758"
},
{
"name": "CVE-2021-30803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30803"
},
{
"name": "CVE-2021-30798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30798"
},
{
"name": "CVE-2021-30769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30769"
},
{
"name": "CVE-2021-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30760"
},
{
"name": "CVE-2021-30785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30785"
},
{
"name": "CVE-2021-30780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30780"
},
{
"name": "CVE-2020-36330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36330"
},
{
"name": "CVE-2021-30793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30793"
},
{
"name": "CVE-2021-30779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30779"
},
{
"name": "CVE-2021-30805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30805"
},
{
"name": "CVE-2021-30786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30786"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-30804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30804"
},
{
"name": "CVE-2021-30795",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30795"
},
{
"name": "CVE-2021-30777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30777"
},
{
"name": "CVE-2020-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36331"
},
{
"name": "CVE-2021-30768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30768"
},
{
"name": "CVE-2021-30802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30802"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2021-30783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30783"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212601 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212600 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212602 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212603 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
CERTFR-2021-AVI-562
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 2021-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 2021-005",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30784"
},
{
"name": "CVE-2021-30799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30799"
},
{
"name": "CVE-2021-30672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30672"
},
{
"name": "CVE-2021-30765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30765"
},
{
"name": "CVE-2021-30731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30731"
},
{
"name": "CVE-2021-30792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30792"
},
{
"name": "CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"name": "CVE-2021-30787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30787"
},
{
"name": "CVE-2021-30782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30782"
},
{
"name": "CVE-2021-30800",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30800"
},
{
"name": "CVE-2021-30733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30733"
},
{
"name": "CVE-2021-30766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30766"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2021-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30774"
},
{
"name": "CVE-2021-30778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30778"
},
{
"name": "CVE-2021-30763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30763"
},
{
"name": "CVE-2021-30776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30776"
},
{
"name": "CVE-2021-30677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
},
{
"name": "CVE-2021-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30775"
},
{
"name": "CVE-2021-30789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30789"
},
{
"name": "CVE-2021-30759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30759"
},
{
"name": "CVE-2018-25010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25010"
},
{
"name": "CVE-2021-30748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30748"
},
{
"name": "CVE-2021-30796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30796"
},
{
"name": "CVE-2021-30791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30791"
},
{
"name": "CVE-2021-30770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30770"
},
{
"name": "CVE-2021-30797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30797"
},
{
"name": "CVE-2021-30788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30788"
},
{
"name": "CVE-2021-30790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30790"
},
{
"name": "CVE-2021-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30703"
},
{
"name": "CVE-2021-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30772"
},
{
"name": "CVE-2021-30781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30781"
},
{
"name": "CVE-2021-30773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30773"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2021-30758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30758"
},
{
"name": "CVE-2021-30803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30803"
},
{
"name": "CVE-2021-30798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30798"
},
{
"name": "CVE-2021-30769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30769"
},
{
"name": "CVE-2021-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30760"
},
{
"name": "CVE-2021-30785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30785"
},
{
"name": "CVE-2021-30780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30780"
},
{
"name": "CVE-2020-36330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36330"
},
{
"name": "CVE-2021-30793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30793"
},
{
"name": "CVE-2021-30779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30779"
},
{
"name": "CVE-2021-30805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30805"
},
{
"name": "CVE-2021-30786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30786"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-30804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30804"
},
{
"name": "CVE-2021-30795",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30795"
},
{
"name": "CVE-2021-30777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30777"
},
{
"name": "CVE-2020-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36331"
},
{
"name": "CVE-2021-30768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30768"
},
{
"name": "CVE-2021-30802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30802"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2021-30783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30783"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212601 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212600 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212602 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212603 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
alsa-2021:4231
Vulnerability from osv_almalinux
Published
2021-11-09 08:47
Modified
2021-11-12 10:20
Summary
Moderate: libwebp security update
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
-
libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
-
libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)
-
libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)
-
libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)
-
libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
-
libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
-
libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
-
libwebp: excessive memory allocation when reading a file (CVE-2020-36332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4231",
"modified": "2021-11-12T10:20:56Z",
"published": "2021-11-09T08:47:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4231.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25009"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25010"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25012"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25013"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25014"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36330"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36331"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36332"
}
],
"related": [
"CVE-2018-25009",
"CVE-2018-25010",
"CVE-2018-25012",
"CVE-2018-25013",
"CVE-2018-25014",
"CVE-2020-36330",
"CVE-2020-36331",
"CVE-2020-36332"
],
"summary": "Moderate: libwebp security update"
}
BDU:2021-03104
Vulnerability from fstec - Published: 07.06.2021
VLAI
Title
Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации
Description
Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальной информации путем создания специально сформированного файла
Severity
Vendor
ООО «РусБИТех-Астра», ООО «Ред Софт», Google Inc, АО «НТЦ ИТ РОСА», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), libwebp, ROSA Virtualization (запись в едином реестре российских программ №5091), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 0.1.2 до 1.0.1 rc2 (libwebp), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 2.1 (ROSA Virtualization), до 2.8 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Использование рекомендаций:
Для РедОС:
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/
Для libwebp:
https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для системы управления средой виртуализации «ROSA Virtualization»:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2184
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения libwebp до версии 0.6.1+repack-2+deb10u2.osnova1
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет libwebp до 0.6.1-2+deb10u3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения libwebp до версии 0.5.2-1+deb9u1
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2684
Reference
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/
https://www.cybersecurity-help.cz/vdb/SB2021060725
https://www.securitylab.ru/vulnerability/520950.php
https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2184
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://abf.rosa.ru/advisories/ROSA-SA-2025-2684
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Google Inc, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 0.1.2 \u0434\u043e 1.0.1 rc2 (libwebp), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 2.1 (ROSA Virtualization), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.2c/x86_64/updates/\n\n\u0414\u043b\u044f libwebp:\nhttps://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2184\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libwebp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.6.1+repack-2+deb10u2.osnova1\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libwebp \u0434\u043e 0.6.1-2+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libwebp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.5.2-1+deb9u1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2684",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03104",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-36330",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), libwebp, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libwebp \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 WebP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libwebp \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 WebP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://repo.red-soft.ru/redos/7.2c/x86_64/updates/\nhttps://www.cybersecurity-help.cz/vdb/SB2021060725\nhttps://www.securitylab.ru/vulnerability/520950.php\nhttps://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2184\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2684",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,2)"
}
CNVD-2021-37654
Vulnerability from cnvd - Published: 2021-05-28
VLAI
Title
Libwebp越界读取漏洞(CNVD-2021-37654)
Description
Libwebp是一个WebP图像格式的编码和解码库。
Libwebp 1.0.1之前版本存在越界读取漏洞。攻击者可利用漏洞威胁数据机密性和服务可用性。
Severity
中
Patch Name
Libwebp越界读取漏洞(CNVD-2021-37654)的补丁
Patch Description
Libwebp是一个WebP图像格式的编码和解码库。
Libwebp 1.0.1之前版本存在越界读取漏洞。攻击者可利用漏洞威胁数据机密性和服务可用性。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-36330
Impacted products
| Name | Libwebp Libwebp <1.0.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-36330",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-36330"
}
},
"description": "Libwebp\u662f\u4e00\u4e2aWebP\u56fe\u50cf\u683c\u5f0f\u7684\u7f16\u7801\u548c\u89e3\u7801\u5e93\u3002\n\nLibwebp 1.0.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5a01\u80c1\u6570\u636e\u673a\u5bc6\u6027\u548c\u670d\u52a1\u53ef\u7528\u6027\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-37654",
"openTime": "2021-05-28",
"patchDescription": "Libwebp\u662f\u4e00\u4e2aWebP\u56fe\u50cf\u683c\u5f0f\u7684\u7f16\u7801\u548c\u89e3\u7801\u5e93\u3002\r\n\r\nLibwebp 1.0.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5a01\u80c1\u6570\u636e\u673a\u5bc6\u6027\u548c\u670d\u52a1\u53ef\u7528\u6027\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Libwebp\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2021-37654\uff09\u7684\u8865\u4e01",
"products": {
"product": "Libwebp Libwebp \u003c1.0.1"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-36330",
"serverity": "\u4e2d",
"submitTime": "2021-05-24",
"title": "Libwebp\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2021-37654\uff09"
}
FKIE_CVE-2020-36330
Vulnerability from fkie_nvd - Published: 2021-05-21 17:15 - Updated: 2024-11-21 05:29
Severity
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://seclists.org/fulldisclosure/2021/Jul/54 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1956853 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20211104-0004/ | Third Party Advisory | |
| secalert@redhat.com | https://support.apple.com/kb/HT212601 | Not Applicable | |
| secalert@redhat.com | https://www.debian.org/security/2021/dsa-4930 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/54 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1956853 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211104-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212601 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4930 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webmproject | libwebp | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux | 8.0 | |
| netapp | ontap_select_deploy_administration_utility | - | |
| apple | ipados | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97062C06-0227-489B-8E3C-B62050B69C41",
"versionEndExcluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5771AF-0A7B-4CB9-85C1-AE624498D080",
"versionEndExcluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29",
"versionEndExcluding": "14.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en libwebp en versiones anteriores a 1.0.1.\u0026#xa0;Se encontr\u00f3 una lectura fuera de l\u00edmites en la funci\u00f3n ChunkVerifyAndAssign.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del servicio"
}
],
"id": "CVE-2020-36330",
"lastModified": "2024-11-21T05:29:18.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-21T17:15:08.353",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-478J-8HP8-FJPW
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
{
"affected": [],
"aliases": [
"CVE-2020-36330"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-21T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"id": "GHSA-478j-8hp8-fjpw",
"modified": "2022-05-24T19:02:57Z",
"published": "2022-05-24T19:02:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36330"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212601"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-36330
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-36330",
"description": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"id": "GSD-2020-36330",
"references": [
"https://www.suse.com/security/cve/CVE-2020-36330.html",
"https://www.debian.org/security/2021/dsa-4930",
"https://access.redhat.com/errata/RHSA-2021:4231",
"https://ubuntu.com/security/CVE-2020-36330",
"https://linux.oracle.com/cve/CVE-2020-36330.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-36330"
],
"details": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"id": "GSD-2020-36330",
"modified": "2023-12-13T01:21:55.524871Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://support.apple.com/kb/HT212601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.1",
"affected_versions": "All versions before 1.0.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-937"
],
"date": "2021-11-30",
"description": "An out-of-bounds read was found in function `ChunkVerifyAndAssign`. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"fixed_versions": [
"1.0.3"
],
"identifier": "CVE-2020-36330",
"identifiers": [
"CVE-2020-36330"
],
"not_impacted": "All versions starting from 1.0.1",
"package_slug": "conan/libwebp",
"pubdate": "2021-05-21",
"solution": "Upgrade to version 1.0.3 or above.",
"title": "Out-of-bounds Read",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-36330",
"https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
],
"uuid": "908f2c8a-d5a3-4fc4-b5b4-d40720af824b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36330"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://support.apple.com/kb/HT212601",
"refsource": "CONFIRM",
"tags": [
"Not Applicable"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-11-30T19:43Z",
"publishedDate": "2021-05-21T17:15Z"
}
}
}
MSRC_CVE-2020-36330
Vulnerability from csaf_microsoft - Published: 2021-05-02 00:00 - Updated: 2021-05-25 00:00Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-36330 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-36330.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"tracking": {
"current_release_date": "2021-05-25T00:00:00.000Z",
"generator": {
"date": "2025-10-19T21:59:28.363Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-36330",
"initial_release_date": "2021-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-05-25T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 libwebp 1.0.3-1",
"product": {
"name": "\u003ccm1 libwebp 1.0.3-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 libwebp 1.0.3-1",
"product": {
"name": "cm1 libwebp 1.0.3-1",
"product_id": "16967"
}
}
],
"category": "product_name",
"name": "libwebp"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 libwebp 1.0.3-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 libwebp 1.0.3-1 as a component of CBL Mariner 1.0",
"product_id": "16967-16820"
},
"product_reference": "16967",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36330",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16967-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-36330 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-36330.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-25T00:00:00.000Z",
"details": "1.0.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
}
OPENSUSE-SU-2021:1860-1
Vulnerability from csaf_opensuse - Published: 2021-07-10 18:55 - Updated: 2021-07-10 18:55Summary
Security update for libwebp
Severity
Critical
Notes
Title of the patch: Security update for libwebp
Description of the patch: This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Patchnames: openSUSE-SLE-15.3-2021-1860
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1185652 | self |
| https://bugzilla.suse.com/1185654 | self |
| https://bugzilla.suse.com/1185673 | self |
| https://bugzilla.suse.com/1185674 | self |
| https://bugzilla.suse.com/1185685 | self |
| https://bugzilla.suse.com/1185686 | self |
| https://bugzilla.suse.com/1185688 | self |
| https://bugzilla.suse.com/1185690 | self |
| https://bugzilla.suse.com/1185691 | self |
| https://bugzilla.suse.com/1186247 | self |
| https://www.suse.com/security/cve/CVE-2018-25009/ | self |
| https://www.suse.com/security/cve/CVE-2018-25010/ | self |
| https://www.suse.com/security/cve/CVE-2018-25011/ | self |
| https://www.suse.com/security/cve/CVE-2018-25012/ | self |
| https://www.suse.com/security/cve/CVE-2018-25013/ | self |
| https://www.suse.com/security/cve/CVE-2020-36328/ | self |
| https://www.suse.com/security/cve/CVE-2020-36329/ | self |
| https://www.suse.com/security/cve/CVE-2020-36330/ | self |
| https://www.suse.com/security/cve/CVE-2020-36331/ | self |
| https://www.suse.com/security/cve/CVE-2020-36332/ | self |
| https://www.suse.com/security/cve/CVE-2018-25009 | external |
| https://bugzilla.suse.com/1185673 | external |
| https://www.suse.com/security/cve/CVE-2018-25010 | external |
| https://bugzilla.suse.com/1185685 | external |
| https://www.suse.com/security/cve/CVE-2018-25011 | external |
| https://bugzilla.suse.com/1186247 | external |
| https://www.suse.com/security/cve/CVE-2018-25012 | external |
| https://bugzilla.suse.com/1185690 | external |
| https://www.suse.com/security/cve/CVE-2018-25013 | external |
| https://bugzilla.suse.com/1185654 | external |
| https://www.suse.com/security/cve/CVE-2020-36328 | external |
| https://bugzilla.suse.com/1185688 | external |
| https://www.suse.com/security/cve/CVE-2020-36329 | external |
| https://bugzilla.suse.com/1185652 | external |
| https://bugzilla.suse.com/1187486 | external |
| https://www.suse.com/security/cve/CVE-2020-36330 | external |
| https://bugzilla.suse.com/1185691 | external |
| https://bugzilla.suse.com/1187486 | external |
| https://www.suse.com/security/cve/CVE-2020-36331 | external |
| https://bugzilla.suse.com/1185686 | external |
| https://bugzilla.suse.com/1187486 | external |
| https://www.suse.com/security/cve/CVE-2020-36332 | external |
| https://bugzilla.suse.com/1185674 | external |
| https://bugzilla.suse.com/1187486 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libwebp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libwebp fixes the following issues:\n\n- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).\n- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).\n- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).\n- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).\n- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).\n- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).\n- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).\n- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).\n- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).\n- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-1860",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1860-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1860-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZIJ3ZK5FGNGJN6E65XZKMQPSQ3RKNVG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1860-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZIJ3ZK5FGNGJN6E65XZKMQPSQ3RKNVG/"
},
{
"category": "self",
"summary": "SUSE Bug 1185652",
"url": "https://bugzilla.suse.com/1185652"
},
{
"category": "self",
"summary": "SUSE Bug 1185654",
"url": "https://bugzilla.suse.com/1185654"
},
{
"category": "self",
"summary": "SUSE Bug 1185673",
"url": "https://bugzilla.suse.com/1185673"
},
{
"category": "self",
"summary": "SUSE Bug 1185674",
"url": "https://bugzilla.suse.com/1185674"
},
{
"category": "self",
"summary": "SUSE Bug 1185685",
"url": "https://bugzilla.suse.com/1185685"
},
{
"category": "self",
"summary": "SUSE Bug 1185686",
"url": "https://bugzilla.suse.com/1185686"
},
{
"category": "self",
"summary": "SUSE Bug 1185688",
"url": "https://bugzilla.suse.com/1185688"
},
{
"category": "self",
"summary": "SUSE Bug 1185690",
"url": "https://bugzilla.suse.com/1185690"
},
{
"category": "self",
"summary": "SUSE Bug 1185691",
"url": "https://bugzilla.suse.com/1185691"
},
{
"category": "self",
"summary": "SUSE Bug 1186247",
"url": "https://bugzilla.suse.com/1186247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25009 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25010 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25011 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25012 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25013 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36328 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36329 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36330 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36332 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36332/"
}
],
"title": "Security update for libwebp",
"tracking": {
"current_release_date": "2021-07-10T18:55:42Z",
"generator": {
"date": "2021-07-10T18:55:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1860-1",
"initial_release_date": "2021-07-10T18:55:42Z",
"revision_history": [
{
"date": "2021-07-10T18:55:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwebp6-0.5.0-3.5.1.aarch64",
"product": {
"name": "libwebp6-0.5.0-3.5.1.aarch64",
"product_id": "libwebp6-0.5.0-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder2-0.5.0-3.5.1.aarch64",
"product": {
"name": "libwebpdecoder2-0.5.0-3.5.1.aarch64",
"product_id": "libwebpdecoder2-0.5.0-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpextras0-0.5.0-3.5.1.aarch64",
"product": {
"name": "libwebpextras0-0.5.0-3.5.1.aarch64",
"product_id": "libwebpextras0-0.5.0-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpmux2-0.5.0-3.5.1.aarch64",
"product": {
"name": "libwebpmux2-0.5.0-3.5.1.aarch64",
"product_id": "libwebpmux2-0.5.0-3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp6-0.5.0-3.5.1.ppc64le",
"product": {
"name": "libwebp6-0.5.0-3.5.1.ppc64le",
"product_id": "libwebp6-0.5.0-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"product": {
"name": "libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"product_id": "libwebpdecoder2-0.5.0-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpextras0-0.5.0-3.5.1.ppc64le",
"product": {
"name": "libwebpextras0-0.5.0-3.5.1.ppc64le",
"product_id": "libwebpextras0-0.5.0-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpmux2-0.5.0-3.5.1.ppc64le",
"product": {
"name": "libwebpmux2-0.5.0-3.5.1.ppc64le",
"product_id": "libwebpmux2-0.5.0-3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp6-0.5.0-3.5.1.s390x",
"product": {
"name": "libwebp6-0.5.0-3.5.1.s390x",
"product_id": "libwebp6-0.5.0-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpdecoder2-0.5.0-3.5.1.s390x",
"product": {
"name": "libwebpdecoder2-0.5.0-3.5.1.s390x",
"product_id": "libwebpdecoder2-0.5.0-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpextras0-0.5.0-3.5.1.s390x",
"product": {
"name": "libwebpextras0-0.5.0-3.5.1.s390x",
"product_id": "libwebpextras0-0.5.0-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpmux2-0.5.0-3.5.1.s390x",
"product": {
"name": "libwebpmux2-0.5.0-3.5.1.s390x",
"product_id": "libwebpmux2-0.5.0-3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp6-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebp6-0.5.0-3.5.1.x86_64",
"product_id": "libwebp6-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp6-32bit-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebp6-32bit-0.5.0-3.5.1.x86_64",
"product_id": "libwebp6-32bit-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder2-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpdecoder2-0.5.0-3.5.1.x86_64",
"product_id": "libwebpdecoder2-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"product_id": "libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpextras0-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpextras0-0.5.0-3.5.1.x86_64",
"product_id": "libwebpextras0-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"product_id": "libwebpextras0-32bit-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpmux2-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpmux2-0.5.0-3.5.1.x86_64",
"product_id": "libwebpmux2-0.5.0-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpmux2-32bit-0.5.0-3.5.1.x86_64",
"product": {
"name": "libwebpmux2-32bit-0.5.0-3.5.1.x86_64",
"product_id": "libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp6-0.5.0-3.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64"
},
"product_reference": "libwebp6-0.5.0-3.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp6-0.5.0-3.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le"
},
"product_reference": "libwebp6-0.5.0-3.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp6-0.5.0-3.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x"
},
"product_reference": "libwebp6-0.5.0-3.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp6-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebp6-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp6-32bit-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebp6-32bit-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder2-0.5.0-3.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64"
},
"product_reference": "libwebpdecoder2-0.5.0-3.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder2-0.5.0-3.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le"
},
"product_reference": "libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder2-0.5.0-3.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x"
},
"product_reference": "libwebpdecoder2-0.5.0-3.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder2-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpdecoder2-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpextras0-0.5.0-3.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64"
},
"product_reference": "libwebpextras0-0.5.0-3.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpextras0-0.5.0-3.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le"
},
"product_reference": "libwebpextras0-0.5.0-3.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpextras0-0.5.0-3.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x"
},
"product_reference": "libwebpextras0-0.5.0-3.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpextras0-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpextras0-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpextras0-32bit-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux2-0.5.0-3.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64"
},
"product_reference": "libwebpmux2-0.5.0-3.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux2-0.5.0-3.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le"
},
"product_reference": "libwebpmux2-0.5.0-3.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux2-0.5.0-3.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x"
},
"product_reference": "libwebpmux2-0.5.0-3.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux2-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpmux2-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux2-32bit-0.5.0-3.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
},
"product_reference": "libwebpmux2-32bit-0.5.0-3.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25009"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25009",
"url": "https://www.suse.com/security/cve/CVE-2018-25009"
},
{
"category": "external",
"summary": "SUSE Bug 1185673 for CVE-2018-25009",
"url": "https://bugzilla.suse.com/1185673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2018-25009"
},
{
"cve": "CVE-2018-25010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25010"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25010",
"url": "https://www.suse.com/security/cve/CVE-2018-25010"
},
{
"category": "external",
"summary": "SUSE Bug 1185685 for CVE-2018-25010",
"url": "https://bugzilla.suse.com/1185685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2018-25010"
},
{
"cve": "CVE-2018-25011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25011"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25011",
"url": "https://www.suse.com/security/cve/CVE-2018-25011"
},
{
"category": "external",
"summary": "SUSE Bug 1186247 for CVE-2018-25011",
"url": "https://bugzilla.suse.com/1186247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2018-25011"
},
{
"cve": "CVE-2018-25012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25012"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25012",
"url": "https://www.suse.com/security/cve/CVE-2018-25012"
},
{
"category": "external",
"summary": "SUSE Bug 1185690 for CVE-2018-25012",
"url": "https://bugzilla.suse.com/1185690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2018-25012"
},
{
"cve": "CVE-2018-25013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25013"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25013",
"url": "https://www.suse.com/security/cve/CVE-2018-25013"
},
{
"category": "external",
"summary": "SUSE Bug 1185654 for CVE-2018-25013",
"url": "https://bugzilla.suse.com/1185654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2018-25013"
},
{
"cve": "CVE-2020-36328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36328"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36328",
"url": "https://www.suse.com/security/cve/CVE-2020-36328"
},
{
"category": "external",
"summary": "SUSE Bug 1185688 for CVE-2020-36328",
"url": "https://bugzilla.suse.com/1185688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2020-36328"
},
{
"cve": "CVE-2020-36329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36329"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36329",
"url": "https://www.suse.com/security/cve/CVE-2020-36329"
},
{
"category": "external",
"summary": "SUSE Bug 1185652 for CVE-2020-36329",
"url": "https://bugzilla.suse.com/1185652"
},
{
"category": "external",
"summary": "SUSE Bug 1187486 for CVE-2020-36329",
"url": "https://bugzilla.suse.com/1187486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-36329"
},
{
"cve": "CVE-2020-36330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36330"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36330",
"url": "https://www.suse.com/security/cve/CVE-2020-36330"
},
{
"category": "external",
"summary": "SUSE Bug 1185691 for CVE-2020-36330",
"url": "https://bugzilla.suse.com/1185691"
},
{
"category": "external",
"summary": "SUSE Bug 1187486 for CVE-2020-36330",
"url": "https://bugzilla.suse.com/1187486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "important"
}
],
"title": "CVE-2020-36330"
},
{
"cve": "CVE-2020-36331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36331",
"url": "https://www.suse.com/security/cve/CVE-2020-36331"
},
{
"category": "external",
"summary": "SUSE Bug 1185686 for CVE-2020-36331",
"url": "https://bugzilla.suse.com/1185686"
},
{
"category": "external",
"summary": "SUSE Bug 1187486 for CVE-2020-36331",
"url": "https://bugzilla.suse.com/1187486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "critical"
}
],
"title": "CVE-2020-36331"
},
{
"cve": "CVE-2020-36332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36332"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36332",
"url": "https://www.suse.com/security/cve/CVE-2020-36332"
},
{
"category": "external",
"summary": "SUSE Bug 1185674 for CVE-2020-36332",
"url": "https://bugzilla.suse.com/1185674"
},
{
"category": "external",
"summary": "SUSE Bug 1187486 for CVE-2020-36332",
"url": "https://bugzilla.suse.com/1187486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebp6-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebp6-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpdecoder2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpdecoder2-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpextras0-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpextras0-32bit-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.aarch64",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.ppc64le",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.s390x",
"openSUSE Leap 15.3:libwebpmux2-0.5.0-3.5.1.x86_64",
"openSUSE Leap 15.3:libwebpmux2-32bit-0.5.0-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T18:55:42Z",
"details": "important"
}
],
"title": "CVE-2020-36332"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…