Nixpkgs Security Tracker

Suggestion detail

Dismissed
Updated 11 months, 2 weeks ago by @fpletz

Activity log
  • Created automatic suggestion
  • @fpletz dismissed
Use after free in libwebp

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial, and AddressSanitizer will attempt a double free.

Affected products

libwebp
  • <1.3.1
  • <1.3.0-8-ga486d800

Matching in nixpkgs

pkgs.libwebp

Tools and library for the WebP image format

Package maintainers