PT-2018-3681 · Google+8 · Libwebp+8

Guilherme De Almeida Suckevicz · Published 2018-07-30 · Updated 2023-02-10 · CVE-2018-25011

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libwebp versions prior to 1.0.1

Description

The issue is related to a heap-based buffer overflow in the libwebp library, which is used for encoding and decoding WebP images. This overflow can be exploited by a remote attacker to execute arbitrary code by creating a specially crafted file. The threat posed by this issue affects data confidentiality, integrity, and system availability.

Recommendations

For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PutLE16() function until a patch is available.

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2018-2673
BDU:2021-03099
CESA-2021_2328
CESA-2021_2354
CVE-2018-25011
DLA-2677-1
DSA-4930-1
OPENSUSE-SU-2021:1860-1
OPENSUSE-SU-2021_1860-1
RHSA-2021:2260
RHSA-2021:2328
RHSA-2021:2354
RHSA-2021:2364
RHSA-2021:2365
RHSA-2021_2260
RHSA-2021_2328
RHSA-2021_2354
RLSA-2021:2354
SUSE-SU-2021:1830-1
SUSE-SU-2021:1860-1
USN-4971-1
USN-4971-2

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libwebp