CVE-2020-36328

critical

Description

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Advisories

https://www.debian.org/security/2021/dsa-4930

https://support.apple.com/kb/HT212601

https://security.netapp.com/advisory/ntap-20211112-0001/

https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=1956829

http://seclists.org/fulldisclosure/2021/Jul/54

Details

Source: Mitre, NVD

Published: 2021-05-21

Updated: 2023-01-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00791