First published: Fri Feb 02 2018(Updated: )
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmproject Libwebm | <=1.0.0.27 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6548 is a use-after-free vulnerability in libwebm through 2018-02-02.
CVE-2018-6548 has a severity rating of 9.8, which is considered critical.
CVE-2018-6548 affects Webmproject Libwebm version 1.0.0.27 and earlier.
CVE-2018-6548 is associated with CWE-416, which is a use-after-free vulnerability.
To fix CVE-2018-6548, update to a version of Webmproject Libwebm that is later than 1.0.0.27.