Libwebp is vulnerable to Out-of-bounds Read. The vulnerability exists in the ChunkAssignData() In Mux/muxinternal.c, allowing an attacker to read memory values its leads to information disclosure.

CPENameOperatorVersion
libwebpeq1.0.0__1.el8
libwebpeq1.0.0__3.el8_4
libwebpeq1.0.0__1.el8
libwebpeq1.0.0__3.el8_4

Name	Operator	Version
libwebp	eq	1.0.0__1.el8
libwebp	eq	1.0.0__3.el8_4
libwebp	eq	1.0.0__1.el8
libwebp	eq	1.0.0__3.el8_4

References

seclists.org/fulldisclosure/2021/Jul/54

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

access.redhat.com/errata/RHSA-2021:4231

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1956856

lists.debian.org/debian-lts-announce/2021/06/msg00005.html

lists.debian.org/debian-lts-announce/2021/06/msg00006.html

security.netapp.com/advisory/ntap-20211112-0001/

support.apple.com/kb/HT212601

www.debian.org/security/2021/dsa-4930

cbl_mariner 1

ubuntucve 1

debiancve 1

prion 1

redhatcve 1

osv 7

cvelist 1

nvd 1

cve 1

amazon 2

nessus 25

rosalinux 1

f5 1

oraclelinux 1

almalinux 1

rocky 1

openvas 13

redhat 8

suse 1

debian 3

redos 23

ubuntu 2

photon 3

qualysblog 1

cloudfoundry 1

apple 2

threatpost 1

ibm 1

cbl_mariner

CVE-2020-36331 affecting package libwebp 1.0.0-4

2021-06-09 03:50:29

ubuntucve

CVE-2020-36331

2020-12-31 00:00:00

debiancve

CVE-2020-36331

2021-05-21 17:15:08

prion

Out-of-bounds

2021-05-21 17:15:00

redhatcve

CVE-2020-36331

2021-05-04 20:22:16

osv

CVE-2020-36331

2021-05-21 17:15:08

Moderate: libwebp security update

2021-11-09 08:47:24

Moderate: libwebp security update

2021-11-09 08:47:24

cvelist

CVE-2020-36331

2021-05-21 16:20:33

nvd

CVE-2020-36331

2021-05-21 17:15:08

cve

CVE-2020-36331

2021-05-21 17:15:08

amazon

Medium: libwebp

2023-04-27 16:19:00

Medium: libwebp

2023-04-27 18:37:00

nessus

Amazon Linux AMI : libwebp (ALAS-2023-1740)

2023-05-04 00:00:00

Amazon Linux 2 : libwebp (ALAS-2023-2031)

2023-05-02 00:00:00

Oracle Linux 8 : libwebp (ELSA-2021-4231)

2021-11-17 00:00:00

rosalinux

Advisory ROSA-SA-2023-2184

2023-07-11 11:09:54

K14760551 : Multiple libwebp vulnerabilities

2022-03-17 00:00:00

oraclelinux

libwebp security update

2021-11-16 00:00:00

almalinux

Moderate: libwebp security update

2021-11-09 08:47:24

rocky

libwebp security update

2021-11-09 08:47:24

openvas

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2594)

2021-10-26 00:00:00

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2104)

2021-07-07 00:00:00

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2021-2338)

2021-09-04 00:00:00

redhat

(RHSA-2021:4231) Moderate: libwebp security update

2021-11-09 08:47:24

(RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1)

2021-12-14 16:46:20

(RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5)

2021-12-14 16:46:13

suse

Security update for libwebp (critical)

2021-07-11 00:00:00

debian

[SECURITY] [DLA 2672-1] libwebp security update

2021-06-05 17:43:33

[SECURITY] [DLA 2677-1] libwebp security update

2021-06-06 18:38:17

[SECURITY] [DSA 4930-1] libwebp security update

2021-06-10 21:04:30

redos

ROS-2-533

2023-07-06 00:00:00

ROS-2-591

2021-09-08 00:00:00

ROS-2-649

2021-09-08 00:00:00

ubuntu

libwebp vulnerabilities

2021-06-01 00:00:00

libwebp vulnerabilities

2021-06-10 00:00:00

photon

Critical Photon OS Security Update - PHSA-2021-0244

2021-05-27 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0244

2021-05-28 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0351

2021-06-07 00:00:00

qualysblog

iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices

2021-07-28 19:41:48

cloudfoundry

USN-4971-1: libwebp vulnerabilities | Cloud Foundry

2021-06-11 00:00:00

apple

About the security content of iOS 14.7 and iPadOS 14.7

2021-07-21 00:00:00

About the security content of iOS 14.7 and iPadOS 14.7

2021-07-19 00:00:00

threatpost

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

2021-07-22 16:18:25

ibm

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for VERACODE:33123