An use-after-free was found in libwebp in versions before 1.0.1 in EmitFancyRGB() in dec/io_dec.c. Reference: https://bugs.chromium.org/p/webp/issues/detail?id=385
Upstream patch: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
Upstream release notes: https://chromium.googlesource.com/webm/libwebp/+/v1.0.1
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2260 https://access.redhat.com/errata/RHSA-2021:2260
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-36329
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2328 https://access.redhat.com/errata/RHSA-2021:2328
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2354 https://access.redhat.com/errata/RHSA-2021:2354
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2365 https://access.redhat.com/errata/RHSA-2021:2365
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2364 https://access.redhat.com/errata/RHSA-2021:2364