{"api_version":"1","generated_at":"2026-04-22T23:30:56+00:00","cve":"CVE-2018-25014","urls":{"html":"https://cve.report/CVE-2018-25014","api":"https://cve.report/api/cve/CVE-2018-25014.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-25014","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-25014"},"summary":{"title":"CVE-2018-25014","description":"A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-21 17:15:00","updated_at":"2023-02-09 02:24:00"},"problem_types":["CWE-908"],"metrics":[],"references":[{"url":"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52","name":"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52","refsource":"MISC","tags":[],"title":"Log - 78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 - webm/libwebp - Git at Google","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html","name":"[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2672-1] libwebp security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496","name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496","refsource":"MISC","tags":[],"title":"9496 - \n \n \n oss-fuzz -\n \n \n OSS-Fuzz: Fuzzing the planet - \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html","name":"[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2677-1] libwebp security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212601","name":"https://support.apple.com/kb/HT212601","refsource":"CONFIRM","tags":[],"title":"About the security content of iOS 14.7 and iPadOS 14.7 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20211104-0004/","name":"https://security.netapp.com/advisory/ntap-20211104-0004/","refsource":"CONFIRM","tags":[],"title":"October 2021 Libwebp Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927","refsource":"MISC","tags":[],"title":"1956927 – (CVE-2018-25014) CVE-2018-25014 libwebp: use of uninitialized value in ReadSymbol()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-4930","name":"DSA-4930","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4930-1 libwebp","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/Jul/54","name":"20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-25014","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25014","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_select_deploy_administration_utility","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"25014","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmproject","cpe5":"libwebp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-25014","qid":"159254","title":"Oracle Enterprise Linux Security Update for qt5-qtimageformats (ELSA-2021-2328)"},{"cve":"CVE-2018-25014","qid":"159474","title":"Oracle Enterprise Linux Security Update for libwebp (ELSA-2021-4231)"},{"cve":"CVE-2018-25014","qid":"178659","title":"Debian Security Update for libwebp (DLA 2672-1)"},{"cve":"CVE-2018-25014","qid":"178660","title":"Debian Security Update for libwebp (DLA 2677-1)"},{"cve":"CVE-2018-25014","qid":"178670","title":"Debian Security Update for libwebp (DSA 4930-1)"},{"cve":"CVE-2018-25014","qid":"198390","title":"Ubuntu Security Notification for libwebp vulnerabilities (USN-4971-1)"},{"cve":"CVE-2018-25014","qid":"239399","title":"Red Hat Update for qt5-qtimageformats (RHSA-2021:2328)"},{"cve":"CVE-2018-25014","qid":"239782","title":"Red Hat Update for libwebp (RHSA-2021:4231)"},{"cve":"CVE-2018-25014","qid":"257091","title":"CentOS Security Update for qt5-qtimageformats Security Update (CESA-2021:2328)"},{"cve":"CVE-2018-25014","qid":"352464","title":"Amazon Linux Security Advisory for qt5-qtimageformats: ALAS2-2021-1679"},{"cve":"CVE-2018-25014","qid":"377060","title":"Alibaba Cloud Linux Security Update for qt5-qtimageformats (ALINUX2-SA-2021:0037)"},{"cve":"CVE-2018-25014","qid":"610349","title":"Apple iOS 14.7 and iPadOS 14.7 Security Update Missing"},{"cve":"CVE-2018-25014","qid":"670547","title":"EulerOS Security Update for libwebp (EulerOS-SA-2021-2305)"},{"cve":"CVE-2018-25014","qid":"670580","title":"EulerOS Security Update for libwebp (EulerOS-SA-2021-2338)"},{"cve":"CVE-2018-25014","qid":"670645","title":"EulerOS Security Update for libwebp (EulerOS-SA-2021-2403)"},{"cve":"CVE-2018-25014","qid":"671012","title":"EulerOS Security Update for libwebp (EulerOS-SA-2021-2594)"},{"cve":"CVE-2018-25014","qid":"900015","title":"CBL-Mariner Linux Security Update for libwebp 1.0.0"},{"cve":"CVE-2018-25014","qid":"902805","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libwebp (4211)"},{"cve":"CVE-2018-25014","qid":"940178","title":"AlmaLinux Security Update for libwebp (ALSA-2021:4231)"},{"cve":"CVE-2018-25014","qid":"960323","title":"Rocky Linux Security Update for libwebp (RLSA-2021:4231)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2018-25014","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"libwebp","version":{"version_data":[{"version_value":"libwebp 1.0.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-908"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956927"},{"refsource":"MISC","name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"},{"refsource":"MISC","name":"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52","url":"https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"}]},"description":{"description_data":[{"lang":"eng","value":"A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."}]}},"nvd":{"publishedDate":"2021-05-21 17:15:00","lastModifiedDate":"2023-02-09 02:24:00","problem_types":["CWE-908"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"25014","Ordinal":"207367","Title":"CVE-2018-25014","CVE":"CVE-2018-25014","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"25014","Ordinal":"1","NoteData":"A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"25014","Ordinal":"2","NoteData":"2021-05-21","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"25014","Ordinal":"3","NoteData":"2021-11-04","Type":"Other","Title":"Modified"}]}}}