A heap-based buffer overflow was found in libwebp in versions before 1.0.1 ChunkVerifyAndAssign() in mux/muxread.c. Reference: https://bugs.chromium.org/p/webp/issues/detail?id=386
Upstream patch: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4231 https://access.redhat.com/errata/RHSA-2021:4231
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-36330