PT-2023-2930 · Google+9 · Libwebp+9

Published

2023-02-23

Updated

2024-09-07

CVE-2023-1999

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libwebp (affected versions not specified)

Description The issue is related to a use after free/double free in libwebp, which can be exploited by an attacker using the ApplyFiltersAndEncode() function. This can lead to a denial of service. The vulnerability is caused by freeing best.bw and assigning best to trial pointer, then attempting a double free due to an out of memory error in the VP8 encoder.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Buffer Overflow

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-119CWE-415

Related Identifiers

ALSA-2023:2076

ALSA-2023:2078

ALT-PU-2023-1648

ALT-PU-2023-1649

ALT-PU-2023-1758

ALT-PU-2023-1765

ALT-PU-2023-1783

ALT-PU-2023-1797

ALT-PU-2023-2105

ALT-PU-2023-4365

ALT-PU-2023-4366

ALT-PU-2023-5876

ALT-PU-2023-7312

ALT-PU-2024-11813

AZL-27181

BDU:2023-02923

CESA-2023_1787

CESA-2023_1791

CESA-2023_1802

CESA-2023_1806

CESA-2023_2076

CESA-2023_2077

CVE-2023-1999

DLA-3391-1

DLA-3400-1

DLA-3439-1

DSA-5385-1

DSA-5392-1

DSA-5408-1

OESA-2023-1317

OESA-2023-1684

OESA-2023-1685

OPENSUSE-SU-2024:13019-1

RHSA-2023:1785

RHSA-2023:1786

RHSA-2023:1787

RHSA-2023:1788

RHSA-2023:1789

RHSA-2023:1790

RHSA-2023:1791

RHSA-2023:1792

RHSA-2023:1802

RHSA-2023:1803

RHSA-2023:1804

RHSA-2023:1805

RHSA-2023:1806

RHSA-2023:1809

RHSA-2023:1810

RHSA-2023:1811

RHSA-2023:2072

RHSA-2023:2073

RHSA-2023:2075

RHSA-2023:2076

RHSA-2023:2077

RHSA-2023:2078

RHSA-2023:2084

RHSA-2023:2085

RHSA-2023_1786

RHSA-2023_1787

RHSA-2023_1791

RHSA-2023_1802

RHSA-2023_1806

RHSA-2023_1809

RHSA-2023_2076

RHSA-2023_2077

RHSA-2023_2078

RLSA-2023:2076

RLSA-2023:2078

ROSA-SA-2024-2358

SUSE-SU-2023:2064-1

SUSE-SU-2023:2467-1

SUSE-SU-2023:2490-1

SUSE-SU-2023:2552-1

SUSE-SU-2023_2467-1

SUSE-SU-2023_2552-1

USN-6078-1

USN-6078-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libwebp

PT-2023-2930 · Google+9 · Libwebp+9

CVE-2023-1999

Weakness Enumeration

Related Identifiers

Affected Products

References · 91