CVE-2018-25014

critical

Description

A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956927

https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html

https://www.debian.org/security/2021/dsa-4930

https://support.apple.com/kb/HT212601

http://seclists.org/fulldisclosure/2021/Jul/54

https://security.netapp.com/advisory/ntap-20211104-0004/

Details

Source: MITRE

Published: 2021-05-21

Updated: 2021-11-30

Type: CWE-908

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL