Bug 875071 - (CVE-2012-5127) CVE-2012-5127 libwebp: Integer overflow when processing crafted WebP image
CVE-2012-5127 libwebp: Integer overflow when processing crafted WebP image
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 875072
  Show dependency treegraph
Reported: 2012-11-09 08:03 EST by Jan Lieskovsky
Modified: 2016-03-04 07:46 EST (History)
2 users (show)

See Also:
Fixed In Version: libwebp 0.2.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-01-20 15:29:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Backported patch from particular Debian bug entry (2.78 KB, patch)
2013-04-03 07:05 EDT, Jan Lieskovsky
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Debian BTS 704573 None None None Never

  None (edit)
Description Jan Lieskovsky 2012-11-09 08:03:47 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5127 to the following vulnerability:

Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5127
[2] http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[3] https://code.google.com/p/chromium/issues/detail?id=157079
[4] https://bugs.gentoo.org/show_bug.cgi?id=442152
[5] https://bugs.gentoo.org/show_bug.cgi?id=442096
[6] https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
Comment 1 Jan Lieskovsky 2012-11-09 08:05:40 EST
Created libwebp tracking bugs for this issue

Affects: fedora-all [bug 875072]
Comment 2 Jan Lieskovsky 2013-04-03 07:05:41 EDT
Created attachment 731108 [details]
Backported patch from particular Debian bug entry

Note You need to log in before you can comment on or make changes to this bug.