CVE-2020-36330critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1956853
https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
Details
Source: MITRE
Published: 2021-05-21
Updated: 2021-07-23
Type: CWE-125
Risk Information
CVSS v2
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153331 | EulerOS 2.0 SP2 : libwebp (EulerOS-SA-2021-2403) | Nessus | Huawei Local Security Checks | critical |
| 153081 | EulerOS 2.0 SP5 : libwebp (EulerOS-SA-2021-2338) | Nessus | Huawei Local Security Checks | critical |
| 152037 | Apple iOS < 14.7 Multiple Vulnerabilities (HT212601) | Nessus | Mobile Devices | high |
| 151699 | openSUSE 15 Security Update : libwebp (openSUSE-SU-2021:1860-1) | Nessus | SuSE Local Security Checks | critical |
| 150705 | Debian DSA-4930-1 : libwebp - security update | Nessus | Debian Local Security Checks | critical |
| 150492 | Ubuntu 16.04 LTS : libwebp vulnerabilities (USN-4971-2) | Nessus | Ubuntu Local Security Checks | critical |
| 150424 | Photon OS 2.0: Libwebp PHSA-2021-2.0-0351 | Nessus | PhotonOS Local Security Checks | critical |
| 150301 | Debian DLA-2677-1 : libwebp security update | Nessus | Debian Local Security Checks | critical |
| 150300 | SUSE SLED15 / SLES15 Security Update : libwebp (SUSE-SU-2021:1860-1) | Nessus | SuSE Local Security Checks | critical |
| 150190 | SUSE SLES12 Security Update : libwebp (SUSE-SU-2021:1830-1) | Nessus | SuSE Local Security Checks | critical |
| 150173 | Debian DLA-2672-1 : libwebp security update | Nessus | Debian Local Security Checks | critical |
| 150131 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libwebp vulnerabilities (USN-4971-1) | Nessus | Ubuntu Local Security Checks | critical |
| 150068 | Photon OS 3.0: Libwebp PHSA-2021-3.0-0244 | Nessus | PhotonOS Local Security Checks | critical |