libwebp 0.6.1-2ubuntu0.21.04.1 source package in Ubuntu
Changelog
libwebp (0.6.1-2ubuntu0.21.04.1) hirsute-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24()
- debian/patches/CVE-2018-25009.patch: check data_size in
src/mux/muxread.c.
- CVE-2018-25009
- CVE-2018-25012
* SECURITY UPDATE: heap-based buffer overflow in ApplyFilter()
- debian/patches/CVE-2018-25010.patch: limit the filter size in
src/utils/quant_levels_dec_utils.c.
- CVE-2018-25010
* SECURITY UPDATE: heap-based buffer overflow in PutLE16()
- debian/patches/CVE-2018-25011.patch: limit number of image chunks in
src/mux/muxread.c.
- CVE-2018-25011
* SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in
ReadSymbol()
- debian/patches/CVE-2018-25013_4.patch: wait for all threads to be
done in DecodeRemaining in src/dec/idec_dec.c.
- CVE-2018-25013
- CVE-2018-25014
* SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions
- debian/patches/CVE-2020-36328.patch: fix buffer size check in
src/dec/buffer_dec.c.
- CVE-2020-36328
* SECURITY UPDATE: use-after-free in EmitFancyRGB()
- debian/patches/CVE-2020-36329.patch: fix thread race
heap-use-after-free in src/dec/idec_dec.c.
- CVE-2020-36329
* SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign()
- debian/patches/CVE-2020-36330.patch: fix riff size checks in
src/mux/muxread.c.
- CVE-2020-36330
* SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData()
- debian/patches/CVE-2020-36331.patch: validate chunk_size in
src/mux/muxi.h, src/mux/muxread.c.
- CVE-2020-36331
* SECURITY UPDATE: extreme memory allocation when reading a file
- debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation
when reading invalid Huffman codes in src/dec/vp8l_dec.c.
- debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman
codes in src/dec/vp8l_dec.c.
- CVE-2020-36332
-- Marc Deslauriers <email address hidden> Thu, 20 May 2021 07:52:26 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libwebp_0.6.1.orig.tar.gz | 3.4 MiB | a86045e3ec24704bddbaa369ca30980d6bf4f2625f4cdca03715e91f9c08bbb4 |
| libwebp_0.6.1-2ubuntu0.21.04.1.debian.tar.xz | 16.4 KiB | 4d3f2c3d5d57fe40ff0e110681d031b545f55f41e3a3e15d4ecb7aa946a336a8 |
| libwebp_0.6.1-2ubuntu0.21.04.1.dsc | 2.1 KiB | cdcc0d176e1343cc3e9fb068f17494a9fdb8c5bd4e47bf3fd8c669cfd4bb96cc |
Available diffs
Binary packages built by this source
- libwebp-dev: No summary available for libwebp-dev in ubuntu hirsute.
No description available for libwebp-dev in ubuntu hirsute.
- libwebp6: No summary available for libwebp6 in ubuntu hirsute.
No description available for libwebp6 in ubuntu hirsute.
- libwebp6-dbgsym: No summary available for libwebp6-dbgsym in ubuntu hirsute.
No description available for libwebp6-dbgsym in ubuntu hirsute.
- libwebpdemux2: No summary available for libwebpdemux2 in ubuntu hirsute.
No description available for libwebpdemux2 in ubuntu hirsute.
- libwebpdemux2-dbgsym: No summary available for libwebpdemux2-dbgsym in ubuntu hirsute.
No description available for libwebpdemux2-
dbgsym in ubuntu hirsute.
- libwebpmux3: No summary available for libwebpmux3 in ubuntu hirsute.
No description available for libwebpmux3 in ubuntu hirsute.
- libwebpmux3-dbgsym: No summary available for libwebpmux3-dbgsym in ubuntu hirsute.
No description available for libwebpmux3-dbgsym in ubuntu hirsute.
- webp: No summary available for webp in ubuntu hirsute.
No description available for webp in ubuntu hirsute.
- webp-dbgsym: No summary available for webp-dbgsym in ubuntu hirsute.
No description available for webp-dbgsym in ubuntu hirsute.
