PT-2018-3681 · Google+8 · Libwebp+8
Guilherme De Almeida Suckevicz · Published 2018-07-30 · Updated 2023-02-10 · CVE-2018-25011
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libwebp versions prior to 1.0.1
Description
The issue is a heap-based buffer overflow in the libwebp library, which is used for encoding and decoding WebP images. A remote attacker can exploit this overflow to execute arbitrary code by creating a specially crafted file. The issue affects data confidentiality, integrity, and system availability.
Recommendations
For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PutLE16() function until a patch is available.
Fix
Memory Corruption
Heap Based Buffer Overflow
Related identifiers
Affected products
Alt Linux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libwebp