MidnightBSD

Advisories for webmproject

CVE-2010-4203 HIGH

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
google chrome *
webmproject libvpx *
CVE-2012-0823 MEDIUM

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
webmproject libvpx 0.9.0
webmproject libvpx 0.9.1
webmproject libvpx 0.9.6
webmproject libvpx 0.9.7
webmproject libvpx 0.9.2
webmproject libvpx 0.9.5
webmproject libvpx *
CVE-2016-9085 LOW

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
webmproject libwebp *
fedoraproject fedora 25
fedoraproject fedora 24
CVE-2016-9969 MEDIUM

In libwebp 0.5.1, there is a double free bug in libwebpmux.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
webmproject libwebp 0.5.1
CVE-2018-19212 MEDIUM

In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-670,

Products Affected

Vendor Product Version
webmproject libwebm *
CVE-2018-25009 MEDIUM

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
CVE-2018-25010 MEDIUM

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
CVE-2018-25011 HIGH

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
CVE-2018-25012 MEDIUM

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
CVE-2018-25013 MEDIUM

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
CVE-2018-25014 HIGH

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,CWE-908,

Products Affected

Vendor Product Version
webmproject libwebp *
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
CVE-2018-6406 MEDIUM

The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
webmproject libwebm *
CVE-2018-6548 HIGH

A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
webmproject libwebm *
CVE-2019-9746 MEDIUM

In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
webmproject libwebm *
CVE-2020-36328 HIGH

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
apple ipados 14.7
apple iphone_os 14.7
netapp ontap_select_deploy_administration_utility -
debian debian_linux 9.0
webmproject libwebp *
debian debian_linux 10.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
CVE-2020-36329 HIGH

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
debian debian_linux 9.0
apple iphone_os *
webmproject libwebp *
debian debian_linux 10.0
apple ipados *
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
CVE-2020-36330 MEDIUM

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
debian debian_linux 9.0
apple iphone_os *
webmproject libwebp *
debian debian_linux 10.0
apple ipados *
redhat enterprise_linux 8.0
CVE-2020-36331 MEDIUM

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
debian debian_linux 9.0
apple iphone_os *
webmproject libwebp *
debian debian_linux 10.0
apple ipados *
redhat enterprise_linux 8.0
CVE-2020-36332 MEDIUM

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-400,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
webmproject libwebp *
debian debian_linux 10.0
redhat enterprise_linux 8.0
CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@google.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
webmproject libwebp *
CVE-2023-44488

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 37
redhat enterprise_linux 8.0
debian debian_linux 11.0
debian debian_linux 12.0
redhat enterprise_linux 9.0
webmproject libvpx *
CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
mozilla firefox *
netapp active_iq_unified_manager -
webmproject libwebp *
fedoraproject fedora 38
bandisoft honeyview *
fedoraproject fedora 37
microsoft edge *
microsoft teams *
microsoft webp_image_extension 1.0.62681.0
microsoft teams 1.6.00.26463
mozilla thunderbird *
fedoraproject fedora 39
mozilla firefox_esr *
microsoft webp_image_extension *
microsoft teams 1.6.00.26474
microsoft edge_chromium *
debian debian_linux 10.0
bentley seequent_leapfrog *
debian debian_linux 11.0
google chrome *
debian debian_linux 12.0
CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
mozilla firefox *
mozilla firefox_focus *
fedoraproject fedora 38
fedoraproject fedora 37
apple ipad_os *
mozilla thunderbird *
fedoraproject fedora 39
microsoft edge_chromium 116.0.5845.229
mozilla firefox_esr *
microsoft edge 116.0.1938.98
apple iphone_os *
debian debian_linux 10.0
apple ipados 16.7
microsoft edge 117.0.2045.47
apple ipad_os 16.7
apple ipados *
microsoft edge_chromium 117.0.5938.132
debian debian_linux 11.0
google chrome *
debian debian_linux 12.0
redhat enterprise_linux 9.0
webmproject libvpx *
apple iphone_os 16.7
CVE-2023-6349

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above

Products Affected

Vendor Product Version
webmproject libvpx *
CVE-2024-5197

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

Products Affected

Vendor Product Version
debian debian_linux 10.0
webmproject libvpx *