CVE-2020-36330

CRITICAL | Platform: iPadOS | Changelog

CVE Details

Description

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVSS 3.1 Score

Metric	Value
Base Score	9.1 (CRITICAL)
Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H`

Weakness

CWE-125

References

Apple Security Advisory
NVD Entry
http://seclists.org/fulldisclosure/2021/Jul/54 (Mailing List, Third Party Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=1956853 (Issue Tracking, Patch, Third Party Advisory)
https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html (Mailing List, Third Party Advisory)
https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html (Mailing List, Third Party Advisory)
https://security.netapp.com/advisory/ntap-20211104-0004/ (Third Party Advisory)
https://www.debian.org/security/2021/dsa-4930 (Third Party Advisory)