CVE-2018-25014

CRITICAL | Platform: iPadOS | Changelog

CVE Details

Description

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

CVSS 3.1 Score

Metric	Value
Base Score	9.8 (CRITICAL)
Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`

Weakness

CWE-908

References

Apple Security Advisory
NVD Entry
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 (Third Party Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=1956927 (Issue Tracking, Patch, Third Party Advisory)
https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 (Third Party Advisory)