CVE-2023-1999
Summary
| CVE | CVE-2023-1999 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-20 12:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial, and the AddressSanitizer will attempt a double free. |
Risk And Classification
Problem Types: CWE-415 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Webmproject | Libwebp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| webm/libwebp - Git at Google | MISC | chromium.googlesource.com | |
| WebP: Multiple vulnerabilities (GLSA 202309-05) — Gentoo security | MISC | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160571 Oracle Enterprise Linux Security Update for libwebp (ELSA-2023-2077)
- 160573 Oracle Enterprise Linux Security Update for libwebp (ELSA-2023-2078)
- 160575 Oracle Enterprise Linux Security Update for libwebp (ELSA-2023-2076)
- 181796 Debian Security Update for libwebp (DSA 5408-1)
- 181815 Debian Security Update for libwebp (DLA 3439-1)
- 182674 Debian Security Update for firefox-esr, libwebp, thunderbird (CVE-2023-1999)
- 199341 Ubuntu Security Notification for libwebp Vulnerability (USN-6078-1)
- 199531 Ubuntu Security Notification for libwebp Vulnerability (USN-6078-2)
- 241398 Red Hat Update for libwebp (RHSA-2023:2075)
- 241399 Red Hat Update for libwebp (RHSA-2023:2084)
- 241400 Red Hat Update for libwebp (RHSA-2023:2076)
- 241401 Red Hat Update for libwebp (RHSA-2023:2085)
- 241402 Red Hat Update for libwebp (RHSA-2023:2077)
- 241404 Red Hat Update for libwebp (RHSA-2023:2078)
- 241621 Red Hat Update for thunderbird (RHSA-2023:1803)
- 241638 Red Hat Update for firefox (RHSA-2023:1789)
- 241644 Red Hat Update for libwebp (RHSA-2023:2072)
- 241645 Red Hat Update for thunderbird (RHSA-2023:1805)
- 241663 Red Hat Update for libwebp (RHSA-2023:2073)
- 241676 Red Hat Update for firefox (RHSA-2023:1792)
- 257237 CentOS Security Update for libwebp (CESA-2023:2077)
- 355408 Amazon Linux Security Advisory for libwebp : ALAS2023-2023-185
- 356220 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-005
- 356496 Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-005
- 378511 Alibaba Cloud Linux Security Update for libwebp (ALINUX2-SA-2023:0022)
- 378911 Microsoft Edge Based on Chromium Prior to 117.0.2045.47 Multiple Vulnerabilities
- 503015 Alpine Linux Security Update for libwebp
- 503016 Alpine Linux Security Update for libwebp
- 503018 Alpine Linux Security Update for libwebp
- 503115 Alpine Linux Security Update for libwebp
- 503446 Alpine Linux Security Update for firefox-esr
- 505889 Alpine Linux Security Update for libwebp
- 506054 Alpine Linux Security Update for firefox-esr
- 673213 EulerOS Security Update for libwebp (EulerOS-SA-2023-2385)
- 673236 EulerOS Security Update for libwebp (EulerOS-SA-2023-2359)
- 673281 EulerOS Security Update for libwebp (EulerOS-SA-2023-2588)
- 673287 EulerOS Security Update for libwebp (EulerOS-SA-2023-2618)
- 673329 EulerOS Security Update for libwebp (EulerOS-SA-2023-2653)
- 673565 EulerOS Security Update for libwebp (EulerOS-SA-2023-2695)
- 710735 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)
- 710739 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)
- 710750 Gentoo Linux WebP Multiple Vulnerabilities (GLSA 202309-05)
- 754075 SUSE Enterprise Linux Security Update for libwebp (SUSE-SU-2023:2467-1)
- 754114 SUSE Enterprise Linux Security Update for libwebp (SUSE-SU-2023:2552-1)
- 907355 Common Base Linux Mariner (CBL-Mariner) Security Update for libwebp (27181-1)
- 940997 AlmaLinux Security Update for libwebp (ALSA-2023:2076)
- 941000 AlmaLinux Security Update for libwebp (ALSA-2023:2078)
- 960925 Rocky Linux Security Update for libwebp (RLSA-2023:2078)
- 960939 Rocky Linux Security Update for libwebp (RLSA-2023:2076)