]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f19c20c) | patch
libwebp: Fix CVE-2023-1999
authorSoumya <soumya.sambu@windriver.com>
Mon, 17 Jul 2023 03:29:31 +0000 (03:29 +0000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 17 Jul 2023 14:45:01 +0000 (04:45 -1000)
commita5d0f8734ca643c25f0952387b38edf8ffd70525
tree6cd8805301ac77912038190fa8441adeb0a0acfetree | snapshot
parentf19c20c429395c1b4c62a6e0388ef51b830871c5commit | diff
libwebp: Fix CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999

Upstream patch:
https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/webp/files/CVE-2023-1999.patch [new file with mode: 0644] blob
meta/recipes-multimedia/webp/libwebp_1.2.4.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core