Overview

File _patchinfo of Package patchinfo.19719

<patchinfo incident="19719">
  <issue tracker="cve" id="2020-36332"/>
  <issue tracker="cve" id="2018-25009"/>
  <issue tracker="cve" id="2018-25012"/>
  <issue tracker="cve" id="2020-36330"/>
  <issue tracker="cve" id="2018-25010"/>
  <issue tracker="cve" id="2020-36331"/>
  <issue tracker="cve" id="2020-36328"/>
  <issue tracker="cve" id="2020-36329"/>
  <issue tracker="cve" id="2018-25013"/>
  <issue tracker="cve" id="2018-25011"/>
  <issue tracker="bnc" id="1185685">VUL-0: CVE-2018-25010: libwebp: heap-based buffer overflow in ApplyFilter()</issue>
  <issue tracker="bnc" id="1185691">VUL-0: CVE-2020-36330: libwebp: heap-based buffer overflow in ChunkVerifyAndAssign() in mux/muxread.c</issue>
  <issue tracker="bnc" id="1185674">VUL-0: CVE-2020-36332: libwebp: extreme memory allocation when reading a file</issue>
  <issue tracker="bnc" id="1185652">VUL-0: CVE-2020-36329: libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c</issue>
  <issue tracker="bnc" id="1185690">VUL-0: CVE-2018-25012: libwebp: heap-based buffer overflow in GetLE24()</issue>
  <issue tracker="bnc" id="1185688">VUL-0: CVE-2020-36328: libwebp: heap-based buffer overflow in WebPDecode*Into functions</issue>
  <issue tracker="bnc" id="1185654">VUL-0: CVE-2018-25013: libwebp: heap-based buffer overflow in ShiftBytes()</issue>
  <issue tracker="bnc" id="1185686">VUL-0: CVE-2020-36331: libwebp: heap-based buffer overflow in ChunkAssignData() in mux/muxinternal.c</issue>
  <issue tracker="bnc" id="1185673">VUL-0: CVE-2018-25009: libwebp: heap-based buffer overflow in GetLE16()</issue>
  <issue tracker="bnc" id="1186247"></issue>
  <packager>mgorse</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for libwebp</summary>
  <description>This update for libwebp fixes the following issues:

- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places