CVE-2018-25014

Published: 31 December 2018

A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
libwebp Launchpad, Ubuntu, Debian	bionic	Released (0.6.1-2ubuntu0.18.04.1)
	focal	Released (0.6.1-2ubuntu0.20.04.1)
	groovy	Released (0.6.1-2ubuntu0.20.10.1)
	hirsute	Released (0.6.1-2ubuntu0.21.04.1)
	impish	Released (0.6.1-2ubuntu1)
	jammy	Released (0.6.1-2ubuntu1)
	precise	Does not exist
	trusty	Released (0.4.0-4ubuntu0.1~esm1)
	upstream	Needs triage
	xenial	Released (0.4.4-1ubuntu0.1~esm1)
	Patches: upstream: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2018-25014

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading