PT-2020-6121
Author: Guilherme De Almeida Suckevicz
Published: 2018-11-22
Updated: 2023-01-09
CVE-2020-36328
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libwebp versions prior to 1.0.1
Description
The issue is a heap-based buffer overflow in the WebPDecodeRGBInto function due to an invalid check for the buffer size. This can allow a remote attacker to execute arbitrary code by creating a specially crafted file. The highest threat from this issue is to data confidentiality and integrity as well as system availability.
Recommendations
For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the WebPDecodeRGBInto function until a patch is available.
Fix
Heap Based Buffer Overflow
Memory Corruption
Affected Products
Alt Linux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libwebp