Home

CVE-2020-36328

Description

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.527

Associated Vulnerability

VulnerabilityOS Platform
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.18.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.18.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.20.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.20.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.20.10.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.20.10.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.21.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebp6_0.6.1-2ubuntu0.21.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.18.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.18.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.20.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.20.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.20.10.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.20.10.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.21.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpmux3_0.6.1-2ubuntu0.21.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.18.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.18.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.20.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.20.04.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.20.10.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.20.10.1_amd64.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.21.04.1_i386.debLinux
Lossy compression of digital photographic images. (USN-4971-1) libwebpdemux2_0.6.1-2ubuntu0.21.04.1_amd64.debLinux
(RHSA-2021:2328) qt5-qtimageformats security update qt5-qtimageformats-5.9.7-2.el7_9.i686.rpmLinux
(RHSA-2021:2328) qt5-qtimageformats security update qt5-qtimageformats-5.9.7-2.el7_9.x86_64.rpmLinux
(RHSA-2021:2328) qt5-qtimageformats security update qt5-qtimageformats-doc-5.9.7-2.el7_9.noarch.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-1.0.0-3.el8_4.i686.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-1.0.0-3.el8_4.x86_64.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-debugsource-1.0.0-3.el8_4.i686.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-debugsource-1.0.0-3.el8_4.x86_64.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-devel-1.0.0-3.el8_4.i686.rpmLinux
(RHSA-2021:2354) libwebp security update libwebp-devel-1.0.0-3.el8_4.x86_64.rpmLinux
(RHSA-2021:2260) libwebp security update libwebp-java-0.3.0-10.el7_9.x86_64.rpmLinux
(RHSA-2021:2260) libwebp security update libwebp-tools-0.3.0-10.el7_9.x86_64.rpmLinux
(RHSA-2021:2328)Important: security update qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.i686.rpmLinux
(RHSA-2021:2328)Important: security update qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.x86_64.rpmLinux
Qt5-qtimageformats update (ELSA-2021-2328) qt5-qtimageformats-5.9.7-2.el7_9.i686.rpmLinux
Qt5-qtimageformats update (ELSA-2021-2328) qt5-qtimageformats-5.9.7-2.el7_9.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234