CVE-2020-36328 — Out-of-bounds Write in Libwebp
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 21
Latest updateApr 10
Description
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 10.0, 9.0, Enterprise Linux 7.0, 8.0
Patches
🔴Vulnerability Details
3📋Vendor Advisories
7Microsoft▶
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulne↗2021-05-11
🕵️Threat Intelligence
2Qualys▶
iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices | Qualys↗2021-07-28
Qualys▶
iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices↗2021-07-28