) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:webmproject:libwebp:0.2.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-4863 |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Published: September 12, 2023; 11:15:24 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2020-36332 |
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-36331 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2020-36330 |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2020-36329 |
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-36328 |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-25014 |
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-25013 |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2018-25012 |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2018-25011 |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-25010 |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2018-25009 |
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). Published: May 21, 2021; 1:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2016-9085 |
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |