A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CPENameOperatorVersion
ipadoslt14.7
iphone_oslt14.7
debian_linuxeq9.0
debian_linuxeq10.0
enterprise_linuxeq8.0
libwebplt1.0.1

Name	Operator	Version
ipados	lt	14.7
iphone_os	lt	14.7
debian_linux	eq	9.0
debian_linux	eq	10.0
enterprise_linux	eq	8.0
libwebp	lt	1.0.1

References

seclists.org/fulldisclosure/2021/Jul/54

bugzilla.redhat.com/show_bug.cgi?id=1956856

lists.debian.org/debian-lts-announce/2021/06/msg00005.html

lists.debian.org/debian-lts-announce/2021/06/msg00006.html

security.netapp.com/advisory/ntap-20211112-0001/

support.apple.com/kb/HT212601

www.debian.org/security/2021/dsa-4930

redhatcve 1

osv 7

veracode 1

cbl_mariner 1

ubuntucve 1

debiancve 1

cve 1

nvd 1

cvelist 1

amazon 2

nessus 25

rosalinux 1

f5 1

rocky 1

oraclelinux 1

almalinux 1

openvas 13

redhat 8

debian 3

suse 1

redos 23

ubuntu 2

photon 3

qualysblog 1

cloudfoundry 1

apple 2

threatpost 1

ibm 1

redhatcve

CVE-2020-36331

2021-05-04 20:22:16

osv

CVE-2020-36331

2021-05-21 17:15:08

Moderate: libwebp security update

2021-11-09 08:47:24

Moderate: libwebp security update

2021-11-09 08:47:24

veracode

Out-of-bounds Read

2021-11-28 00:40:48

cbl_mariner

CVE-2020-36331 affecting package libwebp 1.0.0-4

2021-06-09 03:50:29

ubuntucve

CVE-2020-36331

2020-12-31 00:00:00

debiancve

CVE-2020-36331

2021-05-21 17:15:08

cve

CVE-2020-36331

2021-05-21 17:15:08

nvd

CVE-2020-36331

2021-05-21 17:15:08

cvelist

CVE-2020-36331

2021-05-21 16:20:33

amazon

Medium: libwebp

2023-04-27 16:19:00

Medium: libwebp

2023-04-27 18:37:00

nessus

Amazon Linux AMI : libwebp (ALAS-2023-1740)

2023-05-04 00:00:00

Amazon Linux 2 : libwebp (ALAS-2023-2031)

2023-05-02 00:00:00

AlmaLinux 8 : libwebp (ALSA-2021:4231)

2022-02-09 00:00:00

rosalinux

Advisory ROSA-SA-2023-2184

2023-07-11 11:09:54

K14760551 : Multiple libwebp vulnerabilities

2022-03-17 00:00:00

rocky

libwebp security update

2021-11-09 08:47:24

oraclelinux

libwebp security update

2021-11-16 00:00:00

almalinux

Moderate: libwebp security update

2021-11-09 08:47:24

openvas

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2104)

2021-07-07 00:00:00

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2594)

2021-10-26 00:00:00

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2338)

2021-09-04 00:00:00

redhat

(RHSA-2021:4231) Moderate: libwebp security update

2021-11-09 08:47:24

(RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1)

2021-12-14 16:46:20

(RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5)

2021-12-14 16:46:13

debian

[SECURITY] [DLA 2672-1] libwebp security update

2021-06-05 17:43:33

[SECURITY] [DSA 4930-1] libwebp security update

2021-06-10 21:04:30

[SECURITY] [DLA 2677-1] libwebp security update

2021-06-06 18:38:17

suse

Security update for libwebp (critical)

2021-07-11 00:00:00

redos

ROS-2-591

2021-09-08 00:00:00

ROS-2-533

2023-07-06 00:00:00

ROS-2-555

2021-09-08 00:00:00

ubuntu

libwebp vulnerabilities

2021-06-01 00:00:00

libwebp vulnerabilities

2021-06-10 00:00:00

photon

Critical Photon OS Security Update - PHSA-2021-0244

2021-05-27 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0244

2021-05-28 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0351

2021-06-07 00:00:00

qualysblog

iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices

2021-07-28 19:41:48

cloudfoundry

USN-4971-1: libwebp vulnerabilities | Cloud Foundry

2021-06-11 00:00:00

apple

About the security content of iOS 14.7 and iPadOS 14.7

2021-07-21 00:00:00

About the security content of iOS 14.7 and iPadOS 14.7

2021-07-19 00:00:00

threatpost

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

2021-07-22 16:18:25

ibm

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for PRION:CVE-2020-36331