libwebp-1.2.0-6.el9

エラータID: AXSA:2023-5321:02

Release date: 
Monday, May 8, 2023 - 12:09
Subject: 
libwebp-1.2.0-6.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-1999
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
Additional Info: 

N/A

Download: 

SRPMS
  1. libwebp-1.2.0-6.el9.src.rpm
    MD5: 734518e770f2c60ba40dc40046154d79
    SHA-256: aa1039deb09c0766e5f88f93faded5facfdc75334ad8bc273a58dcfc6022277f
    Size: 3.92 MB

Asianux Server 9 for x86_64
  1. libwebp-1.2.0-6.el9.i686.rpm
    MD5: b5280e6d3608e8a912303cd8b51a2365
    SHA-256: 30d99ab7e0d21cf04e5cdb120f51ff6524102aac4f70555d3c395679d64c3612
    Size: 284.37 kB
  2. libwebp-1.2.0-6.el9.x86_64.rpm
    MD5: 6ed745488096cb9076f8cbd77b5c9e6b
    SHA-256: b0fe81c00940f1ec19bc69ea3ab32241e31838c65cff954ff930c5e1ee7855d0
    Size: 274.68 kB
  3. libwebp-devel-1.2.0-6.el9.i686.rpm
    MD5: 2f5b1729f27bee7218fc9151bbb83681
    SHA-256: 0ce094537c8f0853c73dea7a8d56873ad5657bd6e893c9be849c119d76225f2d
    Size: 31.50 kB
  4. libwebp-devel-1.2.0-6.el9.x86_64.rpm
    MD5: 77526f842f603aeaf28f1bc9b82de6e3
    SHA-256: ff1f39f5c5e60465a82f8d18cb0b438a23dfddab98155800654e7ff236f4809d
    Size: 31.51 kB
  5. libwebp-tools-1.2.0-6.el9.x86_64.rpm
    MD5: 48ee15ac16bac46706959e56ff8af487
    SHA-256: 941c649eccaa9db3b9b3b328d621284b12c7df60d87d1170d6fe39a6c8e9bb13
    Size: 101.53 kB