CVE-2020-36328 - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPD

CVE-2020-36328

Summary

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Vulnerable Configurations

cpe:2.3:a:webmproject:libwebp:-:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:-:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.99:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.1.99:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-01-2023 - 16:41)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

09-01-2023 - 16:41

Published

21-05-2021 - 17:15

Last modified

09-01-2023 - 16:41