Lucene search
Veracode Vulnerability DatabaseVERACODE:30911HistoryJun 11, 2021 - 10:31 a.m.
Arbitrary Code Execution
2021-06-1110:31:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.005 Low
EPSS
Percentile
77.6%
libwebp is vulnerable to arbitrary code execution. A use-after-free when a thread is killed earlier than expected allows an attacker to execute arbitrary code on the host OS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qt5-qtimageformats | eq | 5.9.7__1.el7 | |
| libwebp | eq | 1.0.0__1.el8 | |
| qt5-qtimageformats | eq | 5.9.7__1.el7 | |
| libwebp | eq | 1.0.0__1.el8 |
References
seclists.org/fulldisclosure/2021/Jul/54
access.redhat.com/errata/RHSA-2021:2364
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1956843
lists.debian.org/debian-lts-announce/2021/06/msg00005.html
lists.debian.org/debian-lts-announce/2021/06/msg00006.html
security.netapp.com/advisory/ntap-20211112-0001/
support.apple.com/kb/HT212601
www.debian.org/security/2021/dsa-4930
Related
osv
osv
CVE-2020-36329
2021-05-21 17:15:08
Important: libwebp security update
2021-06-08 23:31:29
libwebp vulnerabilities
2021-06-10 13:12:37
ubuntucve
ubuntucve
CVE-2020-36329
2020-12-31 00:00:00
debiancve
debiancve
CVE-2020-36329
2021-05-21 17:15:08
redhatcve
redhatcve
CVE-2020-36329
2021-05-04 20:26:54
prion
prion
Design/Logic Flaw
2021-05-21 17:15:00
cve
cve
CVE-2020-36329
2021-05-21 17:15:08
cbl_mariner
cbl_mariner
CVE-2020-36329 affecting package libwebp 1.0.0-4
2021-06-09 03:50:29
nvd
nvd
CVE-2020-36329
2021-05-21 17:15:08
cvelist
cvelist
CVE-2020-36329
2021-05-21 16:15:10
rocky
rocky
libwebp security update
2021-06-08 23:31:29
nessus
nessus
RHEL 8 : libwebp (RHSA-2021:2354)
2021-06-16 00:00:00
NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0065)
2022-05-09 00:00:00
RHEL 8 : libwebp (RHSA-2021:2365)
2021-06-16 00:00:00
almalinux
almalinux
Important: libwebp security update
2021-06-08 23:31:29
oraclelinux
oraclelinux
libwebp security update
2021-06-10 00:00:00
libwebp security update
2021-06-08 00:00:00
qt5-qtimageformats security update
2021-06-09 00:00:00
amazon
amazon
Important: libwebp
2021-07-01 01:01:00
Important: qt5-qtimageformats
2021-07-01 01:05:00
redhat
redhat
(RHSA-2021:2260) Important: libwebp security update
2021-06-07 10:03:45
(RHSA-2021:2364) Important: libwebp security update
2021-06-09 12:54:49
(RHSA-2021:2365) Important: libwebp security update
2021-06-09 12:54:53
openvas
openvas
CentOS: Security Advisory for qt5-qtimageformats (CESA-2021:2328)
2021-06-15 00:00:00
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2594)
2021-10-26 00:00:00
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2338)
2021-09-04 00:00:00
f5
f5
centos
centos
qt5 security update
2021-06-14 18:46:33
rosalinux
rosalinux
Advisory ROSA-SA-2023-2184
2023-07-11 11:09:54
debian
debian
[SECURITY] [DLA 2672-1] libwebp security update
2021-06-05 17:43:33
[SECURITY] [DLA 2677-1] libwebp security update
2021-06-06 18:38:17
[SECURITY] [DSA 4930-1] libwebp security update
2021-06-10 21:04:30
suse
suse
Security update for libwebp (critical)
2021-07-11 00:00:00
ubuntu
ubuntu
libwebp vulnerabilities
2021-06-01 00:00:00
libwebp vulnerabilities
2021-06-10 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0244
2021-05-27 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0244
2021-05-28 00:00:00
qualysblog
qualysblog
cloudfoundry
cloudfoundry
USN-4971-1: libwebp vulnerabilities | Cloud Foundry
2021-06-11 00:00:00
apple
apple
About the security content of iOS 14.7 and iPadOS 14.7
2021-07-21 00:00:00
About the security content of iOS 14.7 and iPadOS 14.7
2021-07-19 00:00:00
threatpost
threatpost
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
2021-07-22 16:18:25
ibm
ibm