libwebp-1.0.0-3.el8
エラータID: AXSA:2021-2201:02
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-25011
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Update packages.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
N/A
SRPMS
- libwebp-1.0.0-3.el8.src.rpm
MD5: 6849c318a897e959fa0af415426f0133
SHA-256: fbe982620d212a3f4a2ed85971b23ea0f2e9c9bec1e72bd6780eeca5261e6ebe
Size: 3.85 MB
Asianux Server 8 for x86_64
- libwebp-1.0.0-3.el8.x86_64.rpm
MD5: 4a86de3aa524db626af1374f83dabad9
SHA-256: 54329e856bcc9c81785e14082d1ba5cd6f9624556734f53a0a5e3a9a9c73cd71
Size: 270.98 kB - libwebp-devel-1.0.0-3.el8.x86_64.rpm
MD5: 20bf7066754df26ffb771f3268645d42
SHA-256: 91afac1c8be7fc34772ae083c5773986ddc4604b1863e1b207b5374a5de6487c
Size: 36.10 kB - libwebp-1.0.0-3.el8.i686.rpm
MD5: 0447195683c12177712ffbcb95be378d
SHA-256: a8834df4a9cbfc3074bb29ca0df6b971c94a8788b409edb753a12bb761784fa6
Size: 291.12 kB - libwebp-devel-1.0.0-3.el8.i686.rpm
MD5: 950f2ae964c8394831780fb4ba36d980
SHA-256: 409337574d3255b47912eddd500f67de365421be330dfa66181b946bb3dbec20
Size: 36.10 kB