A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
Upstream release notes: https://chromium.googlesource.com/webm/libwebp/+/v1.0.1
Upstream patch: https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2260 https://access.redhat.com/errata/RHSA-2021:2260
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-25011
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2328 https://access.redhat.com/errata/RHSA-2021:2328
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2354 https://access.redhat.com/errata/RHSA-2021:2354
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2365 https://access.redhat.com/errata/RHSA-2021:2365
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2364 https://access.redhat.com/errata/RHSA-2021:2364