CVE-2018-25014Use of Uninitialized Resource in Libwebp

CWE-908Use of Uninitialized Resource13 documents11 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 63.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Webmproject LibwebpRedhat Enterprise LinuxPaloalto Pan-os
Timeline
PublishedMay 21
Latest updateApr 10

Description

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDwebmproject/libwebp< 1.0.1
Debianwebmproject/libwebp< 0.6.1-2.1+3
CVEListV5webmproject/libwebplibwebp 1.0.1
Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-rr28-4v9r-6wcq: A flaw was found in libwebp in versions before 12022-05-24
CVEList
CVE-2018-25014: A use of uninitialized value was found in libwebp in versions before 12021-05-21
OSV
CVE-2018-25014: A use of uninitialized value was found in libwebp in versions before 12021-05-21

📋Vendor Advisories

7
Palo Alto
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS2024-04-10
Ubuntu
libwebp vulnerabilities2021-06-10
Ubuntu
libwebp vulnerabilities2021-06-01
Microsoft
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().2021-05-11
Red Hat
libwebp: use of uninitialized value in ReadSymbol()2018-08-20

🕵️Threat Intelligence

2
Qualys
iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices | Qualys2021-07-28
Qualys
iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices2021-07-28
CVE-2018-25014 — Use of Uninitialized Resource | cvebase