Wind River Support Network

HomeDefectsLIN1021-5742
Fixed

LIN1021-5742 : Security Advisory - libwebp - CVE-2023-1999

Created: May 4, 2023    Updated: Jun 21, 2023
Resolved Date: May 23, 2023
Found In Version: 10.21.20.1
Fix Version: 10.21.20.18
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. 


https://nvd.nist.gov/vuln/detail/CVE-2023-1999

CVEs


Live chat
Online