MSRC cm1 libwebp 1.0.3-1 on CBL Mariner 1.0 vulnerabilities
11 known vulnerabilities affecting msrc/cm1_libwebp_1.0.3-1_on_cbl_mariner_1.0.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 1
Vulnerabilities
CVE-2020-36328 | CRITICAL | CVSS 9.8 | CWE-787 | 2021-05-11
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst
msrc
CVE-2020-36330 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
msrc
CVE-2018-25010 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the
msrc
CVE-2020-36331 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
msrc
CVE-2018-25014 | CRITICAL | CVSS 9.8 | CWE-908 | 2021-05-11
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
msrc
CVE-2018-25011 | CRITICAL | CVSS 9.8 | CWE-787 | 2021-05-11
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
msrc
CVE-2020-36329 | CRITICAL | CVSS 9.8 | CWE-416 | 2021-05-11
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
msrc
CVE-2018-25013 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
msrc
CVE-2018-25009 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
msrc
CVE-2018-25012 | CRITICAL | CVSS 9.1 | CWE-125 | 2021-05-11
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
msrc
CVE-2020-36332 | HIGH | CVSS 7.5 | CWE-400 | 2021-05-11
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
msrc