Filtered by vendor Webmproject
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25012 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2021-12-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-25013 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2021-12-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2021-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-36329 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2021-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-36331 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2021-12-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-25010 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-25009 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-25011 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2018-25014 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-36330 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2010-4203 | 3 Google, Redhat, Webmproject | 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-07-31 | 10.0 HIGH | 9.8 CRITICAL |
| WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | |||||
| CVE-2018-6548 | 1 Webmproject | 1 Libwebm | 2018-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. | |||||