Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2022-1081)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2022.1081

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2022-1081)

Summary: The remote host is missing an update for the Huawei EulerOS 'libwebp' package(s) announced via the EulerOS-SA-2022-1081 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'libwebp' package(s) announced via the EulerOS-SA-2022-1081 advisory.

Vulnerability Insight:
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.(CVE-2018-25013)

A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2018-25014)

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.(CVE-2020-36332)

Affected Software/OS:
'libwebp' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-25013
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
https://bugzilla.redhat.com/show_bug.cgi?id=1956926
https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
Common Vulnerability Exposure (CVE) ID: CVE-2018-25014
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
https://bugzilla.redhat.com/show_bug.cgi?id=1956927
https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52
Common Vulnerability Exposure (CVE) ID: CVE-2020-36332
Debian Security Information: DSA-4930 (Google Search)
https://www.debian.org/security/2021/dsa-4930
https://bugzilla.redhat.com/show_bug.cgi?id=1956868

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2022.1081
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2022-1081)
Summary:	The remote host is missing an update for the Huawei EulerOS 'libwebp' package(s) announced via the EulerOS-SA-2022-1081 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'libwebp' package(s) announced via the EulerOS-SA-2022-1081 advisory. Vulnerability Insight: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.(CVE-2018-25013) A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2018-25014) A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.(CVE-2020-36332) Affected Software/OS: 'libwebp' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-25013 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 https://bugzilla.redhat.com/show_bug.cgi?id=1956926 https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 Common Vulnerability Exposure (CVE) ID: CVE-2018-25014 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 https://bugzilla.redhat.com/show_bug.cgi?id=1956927 https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 Common Vulnerability Exposure (CVE) ID: CVE-2020-36332 Debian Security Information: DSA-4930 (Google Search) https://www.debian.org/security/2021/dsa-4930 https://bugzilla.redhat.com/show_bug.cgi?id=1956868
Copyright	Copyright (C) 2022 Greenbone AG