PT-2018-3684 · Google+8 · Libwebp+8

Guilherme De Almeida Suckevicz · Published 2018-08-20 · Updated 2023-02-09 · CVE-2018-25014

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1

Description: The issue is related to the use of an uninitialized variable in the libwebp library, which is used for encoding and decoding WebP images. This could allow a remote attacker to execute arbitrary code. The problem is specifically found in the ReadSymbol() function.

Recommendations: For libwebp versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ReadSymbol() function until a patch is available.

Fix

Weakness Enumeration: Use of Uninitialized Resource

Related Identifiers

ALSA-2021:4231
ALT-PU-2018-2673
BDU:2021-03106
CESA-2021_2328
CESA-2021_4231
CVE-2018-25014
DLA-2677-1
DSA-4930-1
RHSA-2021:2328
RHSA-2021:4231
RHSA-2021_2328
RHSA-2021_4231
RLSA-2021:4231
USN-4971-1
USN-4971-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
Ubuntu
libwebp