First published: Tue May 04 2021
A flaw was found in libwebp in versions before 1.0.1: an out-of-bounds read in the function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and service availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libwebp | 0.6.1-2+deb10u1, 0.6.1-2+deb10u3, 0.6.1-2.1+deb11u2, 1.2.4-0.2+deb12u1, 1.3.2-0.3 | |
Webmproject Libwebp | <1.0.1 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Redhat Enterprise Linux | =8.0 | |
NetApp ONTAP Select Deploy administration utility | | |
Apple iPadOS | <14.7 | |
Apple iPhone OS | <14.7 | |
redhat/libwebp | <1.0.1 | 1.0.1 |
The vulnerability ID is CVE-2020-36330.
The severity of CVE-2020-36330 is critical with a CVSS score of 9.1.
The affected software includes libwebp in versions before 1.0.1, Mozilla Firefox ESR, Debian Linux, Redhat Enterprise Linux, NetApp ONTAP Select Deploy administration utility, Apple iPadOS, and Apple iPhone OS.
The highest threat from CVE-2020-36330 is to data confidentiality and service availability.
To fix CVE-2020-36330, update to version 1.0.1 or later of libwebp.