CVE-2020-36329
CRITICAL | Platform: iPadOS | Changelog
CVE Details
Description
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2021/Jul/54 (Mailing List, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1956843 (Issue Tracking, Patch, Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20211112-0001/ (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4930 (Third Party Advisory)