PT-2020-6125 · Google+9 · Libwebp+9

Published

2018-11-22

Updated

2023-09-22

CVE-2020-36332

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libwebp versions prior to 1.0.1

Description A flaw in libwebp can cause excessive memory allocation when reading a file, leading to a threat to service availability. The vulnerability is related to uncontrolled resource consumption and can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of libwebp to minimize the risk of exploitation.

Fix

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400

Related Identifiers

ALSA-2021:4231

ALT-PU-2018-2673

BDU:2021-03107

CESA-2021_4231

CVE-2020-36332

DSA-4930-1

OPENSUSE-SU-2021:1860-1

OPENSUSE-SU-2021_1860-1

RHSA-2021:4231

RHSA-2021_4231

RLSA-2021:4231

SUSE-SU-2021:1830-1

SUSE-SU-2021:1860-1

USN-4971-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libwebp

PT-2020-6125 · Google+9 · Libwebp+9

CVE-2020-36332

Weakness Enumeration

Related Identifiers

Affected Products

References · 82