Headline
CVE-2018-25012: 1956922 – (CVE-2018-25012) CVE-2018-25012 libwebp: out-of-bounds read in WebPMuxCreateInternal()
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Description Guilherme de Almeida Suckevicz 2021-05-04 16:34:55 UTC
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
Comment 1 Gianluca Gabrielli 2021-05-05 19:08:31 UTC
This seems to be a duplicate of 1956917
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1956917
Comment 3 Riccardo Schirone 2021-05-18 10:57:15 UTC
Upstream patch: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097
Comment 5 Riccardo Schirone 2021-05-18 12:17:58 UTC
In reply to comment #1: > This seems to be a duplicate of 1956917
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1956917
Although the fix is the same, the issue seems to be in two different lines so I’d keep them separated to avoid possible confusions to others.
Comment 9 errata-xmlrpc 2021-11-09 17:50:31 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4231 https://access.redhat.com/errata/RHSA-2021:4231
Comment 10 Product Security DevOps Team 2021-11-10 01:53:42 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2018-25012