ALT Linux Team

Package libwebp update in p10 on 2023-11-29

ALT-PU-2023-7312-7

Package libwebp updated to version 1.3.2-alt1 for branch p10 in task 334597.

Closed vulnerabilities

Published: 2023-05-31
Modified: 2025-09-05

BDU:2023-02923

Уязвимость функции EncodeAlphaInternal() библиотеки libwebp для кодирования и декодирования изображений в формате WebP браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
Published: 2023-09-13
Modified: 2025-09-05

BDU:2023-05510

Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2023-06-20
Modified: 2025-02-13

CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-09-12
Modified: 2025-10-24

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-10-05

GHSA-94vc-p8w7-5p49

Bundled libwebp in imagecodecs vulnerable

References:
Published: 2024-08-31

GHSA-cxjf-x6jp-p7mc

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
Published: 2023-09-12
Modified: 2025-07-09

GHSA-j7hp-h8jx-5ppr

libwebp: OOB write in BuildHuffmanTable

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2024-08-31

GHSA-jh2j-j4j9-crg3

opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
Published: 2024-08-31
Modified: 2024-08-31

GHSA-qr4w-53vh-m672

opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
Published: 2024-08-31

GHSA-w2pj-9cgh-mq2c

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
Published: 2023-10-06

GHSA-wqcr-xm43-hpqr

Vulnerable version of libwebp and can be exploited with a malicious source image

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top