
CVE-2018-25013: 1956926 – (CVE-2018-25013) CVE-2018-25013 libwebp: out-of-bounds read in ShiftBytes()

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.


Bug 1956926 (CVE-2018-25013) - CVE-2018-25013 libwebp: out-of-bounds read in ShiftBytes()

Summary: CVE-2018-25013 libwebp: out-of-bounds read in ShiftBytes()

Status: CLOSED ERRATA
Alias: CVE-2018-25013
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Red Hat Product Security
Depends On: 1961978 1961979 1962004 1962005 1961611 1961612
Blocks: 1940150 1956995
Reported: 2021-05-04 16:44 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-11-10 01:54 UTC
CC List: 9 users
Fixed In Version: libwebp 1.0.1
Doc Type: If docs needed, set a value
Doc Text: A flaw was found in libwebp. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Last Closed: 2021-11-10 01:54:11 UTC


Links

System: Red Hat Product Errata
ID: RHSA-2021:4231
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2021-11-09 17:50:34 UTC

Description Guilherme de Almeida Suckevicz 2021-05-04 16:44:45 UTC

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417

Comment 1 Riccardo Schirone 2021-05-18 10:59:33 UTC

Upstream patch: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6

Comment 7 errata-xmlrpc 2021-11-09 17:50:33 UTC

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:4231 https://access.redhat.com/errata/RHSA-2021:4231

Comment 8 Product Security DevOps Team 2021-11-10 01:54:09 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25013
