Bug 1956922 (CVE-2018-25012)
Summary: | CVE-2018-25012 libwebp: out-of-bounds read in WebPMuxCreateInternal() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | erack, jgrulich, jhorak, kaycoth, manisandro, stransky, tpopela, tuxator, tuxmealux+redhatbz, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libwebp 1.0.1 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in libwebp. An out-of-bounds read was found in the function WebPMuxCreateInternal(). The highest threat from this vulnerability is to data confidentiality and service availability. |
Last Closed: | 2021-11-10 01:53:45 UTC | Type: | --- |
Bug Depends On: | 1962004, 1962005, 1961609, 1961610, 1961978, 1961979 | ||
Bug Blocks: | 1940150, 1956995 |
Description
Guilherme de Almeida Suckevicz
2021-05-04 16:34:55 UTC
This seems to be a duplicate of 1956917

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1956917

Upstream patch:
https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097

In reply to comment #1:
> This seems to be a duplicate of 1956917
>
> [0] https://bugzilla.redhat.com/show_bug.cgi?id=1956917

Although the fix is the same, the issue seems to be in two different lines so I'd keep them separated to avoid possible confusions to others.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:4231 https://access.redhat.com/errata/RHSA-2021:4231

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25012