Nixpkgs security tracker
Permalink
CVE-2023-1999
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @fpletz Activity log
- Created automatic suggestion
- @fpletz dismissed
Use after free in libwebp
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
References
-
https://chromium.googlesource.com/webm/libwebp x_transferred
-
https://security.gentoo.org/glsa/202309-05 x_transferred
-
https://chromium.googlesource.com/webm/libwebp x_transferred
-
https://security.gentoo.org/glsa/202309-05 x_transferred
-
https://chromium.googlesource.com/webm/libwebp x_transferred
-
https://security.gentoo.org/glsa/202309-05 x_transferred
-
https://chromium.googlesource.com/webm/libwebp x_transferred
-
https://security.gentoo.org/glsa/202309-05 x_transferred
Affected products
libwebp
- <1.3.0-8-ga486d800
- <1.3.1
Package maintainers
-
@ajs124 Andreas Schrägle <nix@ajs124.de>