Opened 21 months ago
Closed 21 months ago
#16803 closed enhancement (fixed)
libwebp-1.2.3
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 11.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 21 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 21 months ago
Priority: | normal → elevated |
---|
There were no details on WebP's bug tracker, nor on Chromium's bug tracker.
However, I found the commits that bug 565 (the security fix) was resolved in:
https://github.com/webmproject/libwebp/commit/fe153fae98a3fe4626ff537ec8d5f4477cec5739
https://github.com/webmproject/libwebp/commit/a828a59b49d2e3fbc40dc42a6ee6426cd0f2c9dc
https://github.com/webmproject/libwebp/commit/e3cfafaf719c2e163d3548d7a415da96fdff714f
This looks to be a denial of service (memory leak and segmentation fault due to being out of memory) issue when processing JPG images to convert them to WebP images
No CVE number yet, but this should be enough to file an advisory.
comment:4 by , 21 months ago
I'll file an advisory once more information about this one is available (a CVE number in particular). It doesn't make much sense to refer to bug reports instead since they're currently locked to the public.
comment:5 by , 21 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |