RHSA-2021:2328: Red Hat Security Advisory: qt5-qtimageformats security update

An update for qt5-qtimageformats is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP. Security Fix(es):

• libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)
• libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
• libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
• libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2018-25011: libwebp: heap-based buffer overflow in PutLE16()
• CVE-2018-25014: libwebp: use of uninitialized value in ReadSymbol()
• CVE-2020-36328: libwebp: heap-based buffer overflow in WebPDecode*Into functions
• CVE-2020-36329: libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c