Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.892677 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian LTS: Security Advisory for libwebp (DLA-2677-1) |
Zusammenfassung: | The remote host is missing an update for the 'libwebp'; package(s) announced via the DLA-2677-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'libwebp' package(s) announced via the DLA-2677-1 advisory. Vulnerability Insight: Multiple security issues have been discovered in libwebp CVE-2018-25009 An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25010 An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25011 A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2018-25012 An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25013 An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25014 An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-36328 A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-36329 A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-36330 An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2020-36331 An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Affected Software/OS: 'libwebp' package(s) on Debian Linux. Solution: For Debian 9 stretch, these problems have been fixed in version 0.5.2-1+deb9u1. We recommend that you upgrade your libwebp packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-25009 Common Vulnerability Exposure (CVE) ID: CVE-2018-25010 Common Vulnerability Exposure (CVE) ID: CVE-2018-25011 Common Vulnerability Exposure (CVE) ID: CVE-2018-25012 Common Vulnerability Exposure (CVE) ID: CVE-2018-25013 Common Vulnerability Exposure (CVE) ID: CVE-2018-25014 Common Vulnerability Exposure (CVE) ID: CVE-2020-36328 Common Vulnerability Exposure (CVE) ID: CVE-2020-36329 Common Vulnerability Exposure (CVE) ID: CVE-2020-36330 Common Vulnerability Exposure (CVE) ID: CVE-2020-36331 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |