CVE-2018-25014

CVE	CVE-2018-25014
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-21 17:15:00 UTC
Updated	2023-02-09 02:24:00 UTC
Description	A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

Problem Types: CWE-908

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Webmproject	Libwebp	All	All	All	All

Reference	Source	Link	Tags
Log - 78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 - webm/libwebp - Git at Google	MISC	chromium.googlesource.com
[SECURITY] [DLA 2672-1] libwebp security update	MLIST	lists.debian.org
9496 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail	MISC	bugs.chromium.org
[SECURITY] [DLA 2677-1] libwebp security update	MLIST	lists.debian.org
About the security content of iOS 14.7 and iPadOS 14.7 - Apple Support	CONFIRM	support.apple.com
October 2021 Libwebp Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
1956927 – (CVE-2018-25014) CVE-2018-25014 libwebp: use of uninitialized value in ReadSymbol()	MISC	bugzilla.redhat.com
Debian -- Security Information -- DSA-4930-1 libwebp	DEBIAN	www.debian.org
Full Disclosure: APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7	FULLDISC	seclists.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

159254 Oracle Enterprise Linux Security Update for qt5-qtimageformats (ELSA-2021-2328)
159474 Oracle Enterprise Linux Security Update for libwebp (ELSA-2021-4231)
178659 Debian Security Update for libwebp (DLA 2672-1)
178660 Debian Security Update for libwebp (DLA 2677-1)
178670 Debian Security Update for libwebp (DSA 4930-1)
198390 Ubuntu Security Notification for libwebp vulnerabilities (USN-4971-1)
239399 Red Hat Update for qt5-qtimageformats (RHSA-2021:2328)
239782 Red Hat Update for libwebp (RHSA-2021:4231)
257091 CentOS Security Update for qt5-qtimageformats Security Update (CESA-2021:2328)
352464 Amazon Linux Security Advisory for qt5-qtimageformats: ALAS2-2021-1679
377060 Alibaba Cloud Linux Security Update for qt5-qtimageformats (ALINUX2-SA-2021:0037)
610349 Apple iOS 14.7 and iPadOS 14.7 Security Update Missing
670547 EulerOS Security Update for libwebp (EulerOS-SA-2021-2305)
670580 EulerOS Security Update for libwebp (EulerOS-SA-2021-2338)
670645 EulerOS Security Update for libwebp (EulerOS-SA-2021-2403)
671012 EulerOS Security Update for libwebp (EulerOS-SA-2021-2594)
900015 CBL-Mariner Linux Security Update for libwebp 1.0.0
902805 Common Base Linux Mariner (CBL-Mariner) Security Update for libwebp (4211)
940178 AlmaLinux Security Update for libwebp (ALSA-2021:4231)
960323 Rocky Linux Security Update for libwebp (RLSA-2021:4231)