CVE-2020-36331: Buffer Overflow
First published: Tue May 04 2021(Updated: )
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/libwebp | 0.6.1-2+deb10u1 0.6.1-2+deb10u3 0.6.1-2.1+deb11u2 1.2.4-0.2+deb12u1 1.3.2-0.3 | |
| Webmproject Libwebp | <1.0.1 | |
| Redhat Enterprise Linux | =8.0 | |
| NetApp ONTAP Select Deploy administration utility | ||
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Apple iPadOS | <14.7 | |
| Apple iPhone OS | <14.7 | |
| redhat/libwebp | <1.0.1 | 1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/webp/issues/detail?id=388
- https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
- https://security-tracker.debian.org/tracker/CVE-2020-36331
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://bugzilla.redhat.com/show_bug.cgi?id=1956856
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://security.netapp.com/advisory/ntap-20211112-0001/
- https://support.apple.com/kb/HT212601
- https://www.debian.org/security/2021/dsa-4930
- https://access.redhat.com/errata/RHSA-2021:4231
- https://access.redhat.com/security/cve/cve-2020-36331
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2020-36331.
What is the severity of CVE-2020-36331?
The severity of CVE-2020-36331 is critical with a score of 9.1.
What is the affected software for CVE-2020-36331?
The affected software for CVE-2020-36331 includes libwebp versions before 1.0.1, Mozilla Firefox ESR, Redhat Enterprise Linux, NetApp ONTAP Select Deploy administration utility, Debian Debian Linux, Apple iPadOS, and Apple iPhone OS.
What is the highest threat from CVE-2020-36331?
The highest threat from CVE-2020-36331 is to data confidentiality and service availability.
Where can I find more information about CVE-2020-36331?
You can find more information about CVE-2020-36331 at the following references: [1] http://seclists.org/fulldisclosure/2021/Jul/54, [2] https://bugzilla.redhat.com/show_bug.cgi?id=1956856, [3] https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-36331
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- agent/trending
- package-manager/debian
- vendor/webmproject
- canonical/webmproject libwebp
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/apple
- canonical/apple ipados
- canonical/apple iphone os
- package-manager/redhat