CVE-2018-25014 (GCVE-0-2018-25014)
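Vulnerability from cvelistv5 – Published: 2021-05-21 16:27 – Updated: 2024-08-05 12:26
Note: the CNA `affected` entry in this record gives the version as "libwebp 1.0.1", whereas the record's description and the NVD CPE range (`versionEndExcluding` 1.0.1) describe versions before 1.0.1 as affected; match on the version range rather than on the `affected` string.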
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:23:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25014",
"datePublished": "2021-05-21T16:27:57.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-25014\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-05-21T17:15:08.203\",\"lastModified\":\"2024-11-21T04:03:21.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un uso de valor no inicializado en libwebp en versiones anteriores a la 1.0.1 en ReadSymbol()\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:lib
webp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1\",\"matchCriteriaId\":\"97062C06-0227-489B-8E3C-B62050B69C41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1956927\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1956927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
WID-SEC-W-2023-1123
Vulnerability from csaf_certbund - Published: 2021-11-09 23:00 - Updated: 2023-05-23 22:00
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf "out-of-bounds-read" Fehlern und einer uninitialierten Variablen in der "ReadSymbol" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux libwebp ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1123 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1123.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1123 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1123"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1748 vom 2023-05-24",
"url": "https://alas.aws.amazon.com/ALAS-2023-1748.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2048 vom 2023-05-17",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2048.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2031 vom 2023-05-03",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2031.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (libwebp): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-23T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:14.746+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1123",
"initial_release_date": "2021-11-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25009",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2018-25009"
},
{
"cve": "CVE-2018-25010",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2018-25010"
},
{
"cve": "CVE-2018-25012",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2018-25012"
},
{
"cve": "CVE-2018-25013",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2018-25013"
},
{
"cve": "CVE-2018-25014",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2018-25014"
},
{
"cve": "CVE-2020-36330",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2020-36330"
},
{
"cve": "CVE-2020-36331",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2020-36331"
},
{
"cve": "CVE-2020-36332",
"notes": [
{
"category": "description",
"text": "In der libwebp Komponente in Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese basieren auf \"out-of-bounds-read\" Fehlern und einer uninitialierten Variablen in der \"ReadSymbol\" Funktion. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363"
]
},
"release_date": "2021-11-09T23:00:00.000+00:00",
"title": "CVE-2020-36332"
}
]
}
BDU:2021-03106
Vulnerability from fstec - Published: 07.06.2021
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Google Inc, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 0.1.2 \u0434\u043e 1.0.1 rc2 (libwebp), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 2.1 (ROSA Virtualization), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.2c/x86_64/updates/\n\n\u0414\u043b\u044f libwebp:\nhttps://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd521cf355a2f203f462eade6\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2183\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libwebp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.6.1+repack-2+deb10u2.osnova1\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 
\u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libwebp \u0434\u043e 0.6.1-2+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libwebp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.5.2-1+deb9u1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2684",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03106",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-25014",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), libwebp, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 
\u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), 
\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libwebp \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 WebP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 (CWE-457)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libwebp \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 WebP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://repo.red-soft.ru/redos/7.2c/x86_64/updates/\nhttps://www.cybersecurity-help.cz/vdb/SB2021060725\nhttps://www.securitylab.ru/vulnerability/520950.php\nhttps://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd521cf355a2f203f462eade6\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2183\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2684",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-457",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2018-25014
Vulnerability from fkie_nvd - Published: 2021-05-21 17:15 - Updated: 2024-11-21 04:03

| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1956927 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1956927 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 | Third Party Advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| webmproject | libwebp | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97062C06-0227-489B-8E3C-B62050B69C41",
"versionEndExcluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un uso de valor no inicializado en libwebp en versiones anteriores a la 1.0.1 en ReadSymbol()"
}
],
"id": "CVE-2018-25014",
"lastModified": "2024-11-21T04:03:21.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-21T17:15:08.203",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
VAR-202105-1469
Vulnerability from variot - Updated: 2026-03-09 22:44
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). libwebp contains a vulnerability involving the use of uninitialized resources. As a result, information may be obtained or tampered with, and service may be disrupted (DoS). libwebp is an encoding and decoding library for the WebP image format. Versions of libwebp prior to 1.0.1 have security vulnerabilities. The vulnerability stems from the use of a separate variable in the ReadSymbol function. The biggest threats from this vulnerability are to data confidentiality and integrity and to system availability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4930-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq
Package : libwebp CVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332
Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed.
For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1.
We recommend that you upgrade your libwebp packages.
For the detailed security status of libwebp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libwebp
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8 TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj 0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ= =pN/j -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Openshift Logging security and bug update (5.1.5) Advisory ID: RHSA-2021:5128-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:5128 Issue date: 2021-12-14 CVE Names: CVE-2018-20673 CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14145 CVE-2020-14155 CVE-2020-16135 CVE-2020-17541 CVE-2020-24370 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 CVE-2021-3481 CVE-2021-3572 CVE-2021-3580 CVE-2021-3712 CVE-2021-3778 CVE-2021-3796 CVE-2021-3800 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-21409 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-31535 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-37136 CVE-2021-37137 CVE-2021-42574 CVE-2021-43527 CVE-2021-44228 ==================================================================== 1. Summary:
An update is now available for OpenShift Logging 5.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
Openshift Logging Security and Bug Fix Release (5.1.5)
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
- netty: Request smuggling via content-length header (CVE-2021-21409)
- netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
- netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
6. References:
https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35521 https://access.redhat.com/security/cve/CVE-2020-35522 https://access.redhat.com/security/cve/CVE-2020-35523 https://access.redhat.com/security/cve/CVE-2020-35524 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3796 
https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYbj01NzjgjWX9erEAQhG9w/+JmAEO9aC4JzQ/e7WfCnnAAAWMxNJWGbc vrmGp8NYuD2CBM1XixK6vTw+NagMU7NJChPAjaGuzE4MGEF3ptQnOniZn10lnzS2 tOm+Gltaj/JVuntVeXLvKk7zxboXzazVtyEOGwBcZG9CraxTmZSyc77vvVG3Jram KGNWz6cmM14hwEhtLg1npmX9vNfquce46EmKRoyiXSg3JvLWDii1ez8v5A6OzF/I cdd/ohFooOJtUT9PSccmrKIQ2Z7R/kZzksw41z5ZFAi/x35ajVbJq8cL5fGE0/gs BtuEs6+MXRS/dpoobEDfVIAnzb97UJT/jZ1GhaBPNLuyT3uL2dvxOu3NpLkEHDQJ HVlj/a8SBLFnITak7Hu5AKbDa0N0SOjbIjxKVZ3L73uHbNQPlaGLcA2C692CG7Qe 8Hvagfqhtgy9dQ46rYmr7lq81QXeZHlwCzUknPcdDZoR8GF42rTJaN/S3b0kRBJ7 +QRxRM5PbkRiBjkG157qSHnYORTD004hffZ09QSOHa+OTiyPlAYeGWgU6rJ/LsyZ a6MuFKBumQJFFG3+O5yRceXtS3g8rTZGSjWqGr6z2z5kTMmf/rarANdPwcGU0snu XxMpuGRE4iLy/6VcuzP8+WfMmXbwY5/mCHnSSqpfAdGHYoMem1Lyc4akt7fdNt0G 1dLkzUQ4qIQ\xf4wZ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "libwebp",
"scope": "lt",
"trust": 1.0,
"vendor": "webmproject",
"version": "1.0.1"
},
{
"_id": null,
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "libwebp",
"scope": null,
"trust": 0.8,
"vendor": "the webm",
"version": null
},
{
"_id": null,
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "NVD",
"id": "CVE-2018-25014"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
}
],
"trust": 0.5
},
"cve": "CVE-2018-25014",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-25014",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-391906",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-25014",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-25014",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-25014",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-25014",
"trust": 0.8,
"value": "Critical"
},
{
"author": "VULHUB",
"id": "VHN-391906",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-25014",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391906"
},
{
"db": "VULMON",
"id": "CVE-2018-25014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "NVD",
"id": "CVE-2018-25014"
}
]
},
"description": {
"_id": null,
"data": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). libwebp There is a vulnerability in the use of uninitialized resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. libwebp is an encoding and decoding library for the WebP image format. Versions of libwebp prior to 1.0.1 have security vulnerabilities. The vulnerability stems from the use of a separate variable in the ReadSymbol function. The biggest threats to this vulnerability are data confidentiality and integrity and system availability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4930-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 10, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libwebp\nCVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 \n CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 \n CVE-2020-36331 CVE-2020-36332\n\nMultiple vulnerabilities were discovered in libwebp, the implementation\nof the WebP image format, which could result in denial of service, memory\ndisclosure or potentially the execution of arbitrary code if malformed\nimages are processed. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 0.6.1-2+deb10u1. \n\nWe recommend that you upgrade your libwebp packages. 
\n\nFor the detailed security status of libwebp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libwebp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8\nTjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE\nHI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g\nAvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k\nnHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC\nha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X\nFK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs\neC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj\n0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c\ntwImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ\nPnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V\ndmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ=\n=pN/j\n-----END PGP SIGNATURE-----\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Openshift Logging security and bug update (5.1.5)\nAdvisory ID: RHSA-2021:5128-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5128\nIssue date: 2021-12-14\nCVE Names: CVE-2018-20673 CVE-2018-25009 CVE-2018-25010\n CVE-2018-25012 CVE-2018-25013 CVE-2018-25014\n CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n CVE-2019-19603 CVE-2019-20838 CVE-2020-12762\n CVE-2020-13435 CVE-2020-14145 CVE-2020-14155\n CVE-2020-16135 CVE-2020-17541 CVE-2020-24370\n CVE-2020-35521 CVE-2020-35522 CVE-2020-35523\n CVE-2020-35524 CVE-2020-36330 CVE-2020-36331\n CVE-2020-36332 CVE-2021-3200 CVE-2021-3426\n CVE-2021-3445 CVE-2021-3481 CVE-2021-3572\n CVE-2021-3580 CVE-2021-3712 CVE-2021-3778\n CVE-2021-3796 CVE-2021-3800 CVE-2021-20231\n CVE-2021-20232 CVE-2021-20266 CVE-2021-21409\n CVE-2021-22876 CVE-2021-22898 CVE-2021-22925\n CVE-2021-23840 CVE-2021-23841 CVE-2021-27645\n CVE-2021-28153 CVE-2021-31535 CVE-2021-33560\n CVE-2021-33574 CVE-2021-35942 CVE-2021-36084\n CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n CVE-2021-37136 CVE-2021-37137 CVE-2021-42574\n CVE-2021-43527 CVE-2021-44228\n====================================================================\n1. Summary:\n\nAn update is now available for OpenShift Logging 5.1. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. 
Description:\n\nOpenshift Logging Security and Bug Fix Release (5.1.5)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2018-25009\nhttps://access.redhat.com/security/cve/CVE-2018-25010\nhttps://access.redhat.com/security/cve/CVE-2018-25012\nhttps://access.redhat.com/security/cve/CVE-2018-25013\nhttps://access.redhat.com/security/cve/CVE-2018-25014\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14145\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-35521\nhttps://access.redhat.com/security/cve/CVE-2020-35522\nhttps://access.redhat.com/security/cve/CVE-2020-35523\nhttps://access.redhat.com/security/cve/CVE-2020-35524\nhttps://access.redhat.com/security/cve/CVE-2020-36330\nhttps://access.redhat.com/security/cve/CVE-2020-36331\nhttps://access.redhat.com/security/cve/CVE-2020-36332\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3426\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3481\nhttps://access.redhat.com/security/cve/CVE-2021-3572\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-3778\nhttps://access
.redhat.com/security/cve/CVE-2021-3796\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-21409\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-37136\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYbj01NzjgjWX9erEAQhG9w/+JmAEO9aC4JzQ/e7WfCnnAAAWMxNJWGbc\nvrmGp8NYuD2CBM1XixK6vTw+NagMU7NJChPAjaGuzE4MGEF3ptQnOniZn10lnzS2\ntOm+Gltaj/JVuntVeXLvKk7zxboXzazVtyEOGwBcZG9CraxTmZSyc77vvVG3Jram\nKGNWz6cmM14hwEhtLg1npmX9vNfquce46EmKRoyiXSg3JvLWDii1ez8v5A6OzF/I\ncdd/ohFooOJtUT9PSccmrKIQ2Z7R/kZzksw41z5ZFAi/x35ajVbJq8cL5fGE0/gs\nBtuEs6+MXRS/dpoobEDfVIAnzb97UJT/jZ1GhaBPNLuyT3uL2dvxOu3NpLkEHDQJ\nHVlj/a8SBLFnITak7Hu5AKbDa0N0SOjbIjxKVZ3L73uHbNQPlaGLcA2C692CG7Qe\n8Hvagfqhtgy9dQ46rYmr7lq81QXeZHlwCzUknPcdDZoR8GF42rTJaN/S3b0kRBJ7\n+QRxRM5PbkRiBjkG157qSHnYORTD004hffZ09QSOHa+OTiyPlAYeGWgU6rJ/LsyZ\na6MuFKBumQJFFG3+O5yRceXtS3g8rTZGSjWqGr6z2z5kTMmf/rarANdPwcGU0snu\nXxMpuGRE4iLy/6VcuzP8+WfMmXbwY5/mCHnSSqpfAdGHYoMem1Lyc4akt7fdNt0G\n1dLkzUQ4qIQ\\xf4wZ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-25014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "VULHUB",
"id": "VHN-391906"
},
{
"db": "VULMON",
"id": "CVE-2018-25014"
},
{
"db": "PACKETSTORM",
"id": "169076"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-25014",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165296",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164842",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163028",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168042",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1379",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-391906",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-25014",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169076",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391906"
},
{
"db": "VULMON",
"id": "CVE-2018-25014"
},
{
"db": "PACKETSTORM",
"id": "169076"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "NVD",
"id": "CVE-2018-25014"
}
]
},
"id": "VAR-202105-1469",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-391906"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:44:02.607000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT212601 Red hat Red\u00a0Hat\u00a0Bugzilla",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1679",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1679"
},
{
"title": "Debian Security Advisories: DSA-4930-1 libwebp -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6dad0021173658916444dfc89f8d2495"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2018-25014 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-25014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-908",
"trust": 1.1
},
{
"problemtype": "Use of uninitialized resources (CWE-908) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "NVD",
"id": "CVE-2018-25014"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 1.2,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"trust": 1.2,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"trust": 1.2,
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2021-1679.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36328"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36329"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/libwebp"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391906"
},
{
"db": "VULMON",
"id": "CVE-2018-25014"
},
{
"db": "PACKETSTORM",
"id": "169076"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
},
{
"db": "NVD",
"id": "CVE-2018-25014"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-391906",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-25014",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169076",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165296",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165287",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165288",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165631",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016583",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-25014",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-391906",
"ident": null
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-25014",
"ident": null
},
{
"date": "2021-06-28T19:12:00",
"db": "PACKETSTORM",
"id": "169076",
"ident": null
},
{
"date": "2021-12-15T15:27:05",
"db": "PACKETSTORM",
"id": "165296",
"ident": null
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287",
"ident": null
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288",
"ident": null
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631",
"ident": null
},
{
"date": "2022-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016583",
"ident": null
},
{
"date": "2021-05-21T17:15:08.203000",
"db": "NVD",
"id": "CVE-2018-25014",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-391906",
"ident": null
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-25014",
"ident": null
},
{
"date": "2022-02-02T01:15:00",
"db": "JVNDB",
"id": "JVNDB-2018-016583",
"ident": null
},
{
"date": "2023-02-09T02:24:26.620000",
"db": "NVD",
"id": "CVE-2018-25014",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "libwebp\u00a0 Vulnerability in using uninitialized resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016583"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
}
],
"trust": 0.4
}
}
MSRC_CVE-2018-25014
Vulnerability from csaf_microsoft - Published: 2021-05-02 00:00 - Updated: 2021-05-25 00:00
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2018-25014 A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2018-25014.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().",
"tracking": {
"current_release_date": "2021-05-25T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:53:44.507Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2018-25014",
"initial_release_date": "2021-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-05-25T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 libwebp 1.0.3-1",
"product": {
"name": "\u003ccm1 libwebp 1.0.3-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 libwebp 1.0.3-1",
"product": {
"name": "cm1 libwebp 1.0.3-1",
"product_id": "16967"
}
}
],
"category": "product_name",
"name": "libwebp"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 libwebp 1.0.3-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 libwebp 1.0.3-1 as a component of CBL Mariner 1.0",
"product_id": "16967-16820"
},
"product_reference": "16967",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25014",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16967-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-25014 A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2018-25014.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-25T00:00:00.000Z",
"details": "1.0.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
}
CERTFR-2021-AVI-562
Vulnerability from certfr_avis - Published: 2021-07-22 - Updated: 2021-07-22
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 2021-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 14.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 2021-005",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30784"
},
{
"name": "CVE-2021-30799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30799"
},
{
"name": "CVE-2021-30672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30672"
},
{
"name": "CVE-2021-30765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30765"
},
{
"name": "CVE-2021-30731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30731"
},
{
"name": "CVE-2021-30792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30792"
},
{
"name": "CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"name": "CVE-2021-30787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30787"
},
{
"name": "CVE-2021-30782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30782"
},
{
"name": "CVE-2021-30800",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30800"
},
{
"name": "CVE-2021-30733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30733"
},
{
"name": "CVE-2021-30766",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30766"
},
{
"name": "CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"name": "CVE-2021-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30774"
},
{
"name": "CVE-2021-30778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30778"
},
{
"name": "CVE-2021-30763",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30763"
},
{
"name": "CVE-2021-30776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30776"
},
{
"name": "CVE-2021-30677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
},
{
"name": "CVE-2021-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30775"
},
{
"name": "CVE-2021-30789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30789"
},
{
"name": "CVE-2021-30759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30759"
},
{
"name": "CVE-2018-25010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25010"
},
{
"name": "CVE-2021-30748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30748"
},
{
"name": "CVE-2021-30796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30796"
},
{
"name": "CVE-2021-30791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30791"
},
{
"name": "CVE-2021-30770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30770"
},
{
"name": "CVE-2021-30797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30797"
},
{
"name": "CVE-2021-30788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30788"
},
{
"name": "CVE-2021-30790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30790"
},
{
"name": "CVE-2021-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30703"
},
{
"name": "CVE-2021-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30772"
},
{
"name": "CVE-2021-30781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30781"
},
{
"name": "CVE-2021-30773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30773"
},
{
"name": "CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"name": "CVE-2021-30758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30758"
},
{
"name": "CVE-2021-30803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30803"
},
{
"name": "CVE-2021-30798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30798"
},
{
"name": "CVE-2021-30769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30769"
},
{
"name": "CVE-2021-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30760"
},
{
"name": "CVE-2021-30785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30785"
},
{
"name": "CVE-2021-30780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30780"
},
{
"name": "CVE-2020-36330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36330"
},
{
"name": "CVE-2021-30793",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30793"
},
{
"name": "CVE-2021-30779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30779"
},
{
"name": "CVE-2021-30805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30805"
},
{
"name": "CVE-2021-30786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30786"
},
{
"name": "CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"name": "CVE-2021-30804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30804"
},
{
"name": "CVE-2021-30795",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30795"
},
{
"name": "CVE-2021-30777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30777"
},
{
"name": "CVE-2020-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36331"
},
{
"name": "CVE-2021-30768",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30768"
},
{
"name": "CVE-2021-30802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30802"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2021-30783",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30783"
}
],
"initial_release_date": "2021-07-22T00:00:00",
"last_revision_date": "2021-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212601 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212600 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212602 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212603 du 21 juillet 2021",
"url": "https://support.apple.com/en-us/HT212603"
}
]
}
CNVD-2021-37660
Vulnerability from cnvd - Published: 2021-05-28
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://bugzilla.redhat.com/show_bug.cgi?id=1956927
| Name | Libwebp Libwebp <1.0.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-25014",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014"
}
},
"description": "Libwebp\u662f\u4e00\u4e2aWebP\u56fe\u50cf\u683c\u5f0f\u7684\u7f16\u7801\u548c\u89e3\u7801\u5e93\u3002\n\nLibwebp 1.0.1\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eReadSymbol\u51fd\u6570\u4e2d\u4f7f\u7528\u4e86\u4e00\u4e2a\u5355\u72ec\u7684\u53d8\u91cf\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5a01\u80c1\u6570\u636e\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u4ee5\u53ca\u7cfb\u7edf\u53ef\u7528\u6027\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1956927",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-37660",
"openTime": "2021-05-28",
"patchDescription": "Libwebp\u662f\u4e00\u4e2aWebP\u56fe\u50cf\u683c\u5f0f\u7684\u7f16\u7801\u548c\u89e3\u7801\u5e93\u3002\r\n\r\nLibwebp 1.0.1\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eReadSymbol\u51fd\u6570\u4e2d\u4f7f\u7528\u4e86\u4e00\u4e2a\u5355\u72ec\u7684\u53d8\u91cf\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5a01\u80c1\u6570\u636e\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u4ee5\u53ca\u7cfb\u7edf\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Libwebp\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Libwebp Libwebp \u003c1.0.1"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014",
"serverity": "\u9ad8",
"submitTime": "2021-05-24",
"title": "Libwebp\u672a\u521d\u59cb\u5316\u53d8\u91cf\u4f7f\u7528\u6f0f\u6d1e"
}
RHSA-2021:2328
Vulnerability from csaf_redhat - Published: 2021-06-08 22:42 - Updated: 2025-11-21 18:23
A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qt5-qtimageformats is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2328",
"url": "https://access.redhat.com/errata/RHSA-2021:2328"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1956829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829"
},
{
"category": "external",
"summary": "1956843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843"
},
{
"category": "external",
"summary": "1956919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"category": "external",
"summary": "1956927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2328.json"
}
],
"title": "Red Hat Security Advisory: qt5-qtimageformats security update",
"tracking": {
"current_release_date": "2025-11-21T18:23:21+00:00",
"generator": {
"date": "2025-11-21T18:23:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:2328",
"initial_release_date": "2021-06-08T22:42:52+00:00",
"revision_history": [
{
"date": "2021-06-08T22:42:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-08T22:42:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:23:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"product": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"product": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"product": {
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"product_id": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-qtimageformats-doc@5.9.7-2.el7_9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
},
"product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
},
"product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
},
"product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64"
},
"product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
},
"product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25011",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956919"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in PutLE16()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8, as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25011"
},
{
"category": "external",
"summary": "RHBZ#1956919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-08T22:42:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in PutLE16()"
},
{
"cve": "CVE-2018-25014",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use of uninitialized value in ReadSymbol()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25014"
},
{
"category": "external",
"summary": "RHBZ#1956927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014"
}
],
"release_date": "2018-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-08T22:42:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: use of uninitialized value in ReadSymbol()"
},
{
"cve": "CVE-2020-36328",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956829"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8, as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36328"
},
{
"category": "external",
"summary": "RHBZ#1956829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-08T22:42:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions"
},
{
"cve": "CVE-2020-36329",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36329"
},
{
"category": "external",
"summary": "RHBZ#1956843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-08T22:42:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c"
}
]
}
RHSA-2021:4231
Vulnerability from csaf_redhat - Published: 2021-11-09 18:44 - Updated: 2025-11-21 18:26
A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4231",
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1956853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"category": "external",
"summary": "1956856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856"
},
{
"category": "external",
"summary": "1956868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868"
},
{
"category": "external",
"summary": "1956917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"category": "external",
"summary": "1956918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"category": "external",
"summary": "1956922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"category": "external",
"summary": "1956926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"category": "external",
"summary": "1956927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4231.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2025-11-21T18:26:20+00:00",
"generator": {
"date": "2025-11-21T18:26:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:4231",
"initial_release_date": "2021-11-09T18:44:17+00:00",
"revision_history": [
{
"date": "2021-11-09T18:44:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T18:44:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:26:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.src",
"product": {
"name": "libwebp-0:1.0.0-5.el8.src",
"product_id": "libwebp-0:1.0.0-5.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-devel-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-devel-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-devel-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-devel-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-0:1.0.0-5.el8.i686",
"product_id": "libwebp-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-devel-0:1.0.0-5.el8.i686",
"product_id": "libwebp-devel-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.i686",
"product_id": "libwebp-debugsource-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.i686",
"product_id": "libwebp-debuginfo-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-devel-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-devel-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-devel-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-devel-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-debugsource-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src"
},
"product_reference": "libwebp-0:1.0.0-5.el8.src",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-devel-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-devel-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-devel-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25009",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956917"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in the function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in WebPMuxCreateInternal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8, as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25009"
},
{
"category": "external",
"summary": "RHBZ#1956917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25009",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25009"
}
],
"release_date": "2018-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal"
},
{
"cve": "CVE-2018-25010",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956918"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in the function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in ApplyFilter()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8, as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25010"
},
{
"category": "external",
"summary": "RHBZ#1956918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25010"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in ApplyFilter()"
},
{
"cve": "CVE-2018-25012",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in WebPMuxCreateInternal()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25012"
},
{
"category": "external",
"summary": "RHBZ#1956922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25012"
}
],
"release_date": "2018-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal()"
},
{
"cve": "CVE-2018-25013",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956926"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in ShiftBytes()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25013"
},
{
"category": "external",
"summary": "RHBZ#1956926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25013"
}
],
"release_date": "2018-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in ShiftBytes()"
},
{
"cve": "CVE-2018-25014",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use of uninitialized value in ReadSymbol()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25014"
},
{
"category": "external",
"summary": "RHBZ#1956927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25014"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014"
}
],
"release_date": "2018-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: use of uninitialized value in ReadSymbol()"
},
{
"cve": "CVE-2020-36330",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36330"
},
{
"category": "external",
"summary": "RHBZ#1956853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36330"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c"
},
{
"cve": "CVE-2020-36331",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36331"
},
{
"category": "external",
"summary": "RHBZ#1956856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36331"
}
],
"release_date": "2021-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c"
},
{
"cve": "CVE-2020-36332",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: excessive memory allocation when reading a file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36332"
},
{
"category": "external",
"summary": "RHBZ#1956868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36332",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36332"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36332",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36332"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.src",
"AppStream-8.5.0.GA:libwebp-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-debugsource-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-devel-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-java-debuginfo-0:1.0.0-5.el8.x86_64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.aarch64",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.i686",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.ppc64le",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.s390x",
"AppStream-8.5.0.GA:libwebp-tools-debuginfo-0:1.0.0-5.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libwebp: excessive memory allocation when reading a file"
}
]
}
alsa-2021:4231
Vulnerability from osv_almalinux
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
- libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
- libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)
- libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)
- libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)
- libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
- libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
- libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
- libwebp: excessive memory allocation when reading a file (CVE-2020-36332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4231",
"modified": "2021-11-12T10:20:56Z",
"published": "2021-11-09T08:47:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4231.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25009"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25010"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25012"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25013"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25014"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36330"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36331"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36332"
}
],
"related": [
"CVE-2018-25009",
"CVE-2018-25010",
"CVE-2018-25012",
"CVE-2018-25013",
"CVE-2018-25014",
"CVE-2020-36330",
"CVE-2020-36331",
"CVE-2020-36332"
],
"summary": "Moderate: libwebp security update"
}
GSD-2018-25014
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2018-25014",
"description": "A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GSD-2018-25014",
"references": [
"https://www.suse.com/security/cve/CVE-2018-25014.html",
"https://www.debian.org/security/2021/dsa-4930",
"https://access.redhat.com/errata/RHSA-2021:4231",
"https://access.redhat.com/errata/RHSA-2021:2328",
"https://ubuntu.com/security/CVE-2018-25014",
"https://linux.oracle.com/cve/CVE-2018-25014.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-25014"
],
"details": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().",
"id": "GSD-2018-25014",
"modified": "2023-12-13T01:22:36.706177Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25014"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-09T02:24Z",
"publishedDate": "2021-05-21T17:15Z"
}
}
}
GHSA-RR28-4V9R-6WCQ
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-08-06 00:00
A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2018-25014"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-21T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-rr28-4v9r-6wcq",
"modified": "2022-08-06T00:00:44Z",
"published": "2022-05-24T19:02:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212601"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.