CLSA-2023-1696537325

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2023-1696537325
Published
2023-10-05T20:22:09Z
Modified
2026-06-04T09:46:15.321812550Z
Summary
Fix of 10 CVEs
Details
  • SECURITY UPDATE: a heap-based buffer overflow
    • debian/patches/CVE-2018-25009.patch: add additional check to avoid read over the header
    • CVE-2018-25009
  • SECURITY UPDATE: a heap-based buffer overflow
    • debian/patches/CVE-2018-25010.patch: limit the filter size to not exceed the image dimensions
    • CVE-2018-25010
  • SECURITY UPDATE: fail on multiple image chunks
    • debian/patches/CVE-2018-25011.patch: only 1 image chunk allowed
    • CVE-2018-25011
  • SECURITY UPDATE: a heap-based buffer overflow
    • debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining.
    • CVE-2018-25013
    • CVE-2018-25014
  • SECURITY UPDATE: a heap-based buffer overflow
    • debian/patches/CVE-2020-36328.patch: fix invalid check for buffer size
    • CVE-2020-36328
  • SECURITY UPDATE: a use-after-free was found due to a thread being killed too early
    • debian/patches/CVE-2020-36329.patch: fix for thread race heap-use-after-free
    • CVE-2020-36329
  • SECURITY UPDATE: an out-of-bounds read
    • debian/patches/CVE-2020-36330.patch: fix riff size checks
    • CVE-2020-36330
  • SECURITY UPDATE: an out-of-bounds read
    • debian/patches/CVE-2020-36331.patch: validate chunk_size
    • CVE-2020-36331
  • SECURITY UPDATE: a use after free/double free
    • debian/patches/CVE-2023-1999.patch: clear result->bw on error
    • CVE-2023-1999

Affected packages

TuxCare:Ubuntu:16.04 / libwebp-dev

Package

Name
libwebp-dev
Purl
pkg:deb/tuxcare/libwebp-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.4-1+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json"

TuxCare:Ubuntu:16.04 / libwebp5

Package

Name
libwebp5
Purl
pkg:deb/tuxcare/libwebp5?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.4-1+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json"

TuxCare:Ubuntu:16.04 / libwebpdemux1

Package

Name
libwebpdemux1
Purl
pkg:deb/tuxcare/libwebpdemux1?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.4-1+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json"

TuxCare:Ubuntu:16.04 / libwebpmux1

Package

Name
libwebpmux1
Purl
pkg:deb/tuxcare/libwebpmux1?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.4-1+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json"

TuxCare:Ubuntu:16.04 / webp

Package

Name
webp
Purl
pkg:deb/tuxcare/webp?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.4-1+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1696537325.json"