Package "webp"
Name: |
webp
|
Description: |
Lossy compression of digital photographic images.
|
Latest version: |
0.6.1-2ubuntu0.20.04.3 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Head package: |
libwebp |
Homepage: |
https://developers.google.com/speed/webp/ |
Links
Download "webp"
Other versions of "webp" in Focal
Changelog
libwebp (0.6.1-2ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in BuildHuffmanTable
- debian/patches/CVE-2023-4863-pre1.patch: speedups for unused Huffman
groups in src/dec/vp8l_dec.c, src/utils/huffman_utils.c,
src/utils/huffman_utils.h.
- debian/patches/CVE-2023-4863.patch: fix OOB write in
BuildHuffmanTable in src/dec/vp8l_dec.c, src/dec/vp8li_dec.h,
src/utils/huffman_utils.c, src/utils/huffman_utils.h.
- CVE-2023-4863
-- Marc Deslauriers <email address hidden> Wed, 13 Sep 2023 14:06:44 -0400
|
Source diff to previous version |
CVE-2023-4863 |
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ... |
|
libwebp (0.6.1-2ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: crash and possible code execution via double free
- debian/patches/CVE-2023-1999.patch: clear result->bw on error in
src/enc/alpha_enc.c.
- CVE-2023-1999
-- Marc Deslauriers <email address hidden> Mon, 15 May 2023 14:14:09 -0400
|
Source diff to previous version |
libwebp (0.6.1-2ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24()
- debian/patches/CVE-2018-25009.patch: check data_size in
src/mux/muxread.c.
- CVE-2018-25009
- CVE-2018-25012
* SECURITY UPDATE: heap-based buffer overflow in ApplyFilter()
- debian/patches/CVE-2018-25010.patch: limit the filter size in
src/utils/quant_levels_dec_utils.c.
- CVE-2018-25010
* SECURITY UPDATE: heap-based buffer overflow in PutLE16()
- debian/patches/CVE-2018-25011.patch: limit number of image chunks in
src/mux/muxread.c.
- CVE-2018-25011
* SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in
ReadSymbol()
- debian/patches/CVE-2018-25013_4.patch: wait for all threads to be
done in DecodeRemaining in src/dec/idec_dec.c.
- CVE-2018-25013
- CVE-2018-25014
* SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions
- debian/patches/CVE-2020-36328.patch: fix buffer size check in
src/dec/buffer_dec.c.
- CVE-2020-36328
* SECURITY UPDATE: use-after-free in EmitFancyRGB()
- debian/patches/CVE-2020-36329.patch: fix thread race
heap-use-after-free in src/dec/idec_dec.c.
- CVE-2020-36329
* SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign()
- debian/patches/CVE-2020-36330.patch: fix riff size checks in
src/mux/muxread.c.
- CVE-2020-36330
* SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData()
- debian/patches/CVE-2020-36331.patch: validate chunk_size in
src/mux/muxi.h, src/mux/muxread.c.
- CVE-2020-36331
* SECURITY UPDATE: extreme memory allocation when reading a file
- debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation
when reading invalid Huffman codes in src/dec/vp8l_dec.c.
- debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman
codes in src/dec/vp8l_dec.c.
- CVE-2020-36332
-- Marc Deslauriers <email address hidden> Thu, 20 May 2021 07:52:26 -0400
|
CVE-2018-25009 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this |
CVE-2018-25012 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this |
CVE-2018-25010 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerabi |
CVE-2018-25011 |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability |
CVE-2018-25013 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerabil |
CVE-2018-25014 |
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerabil |
CVE-2020-36328 |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check |
CVE-2020-36329 |
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this |
CVE-2020-36330 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this |
CVE-2020-36331 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulne |
CVE-2020-36332 |
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from th |
|
About
-
Send Feedback to @ubuntu_updates