exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2023-1999

Status Candidate

Overview

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

Related Files

Ubuntu Security Notice USN-6078-2
Posted Jul 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6078-2 - USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-1999
SHA-256 | 858e6ceda6c12d30134ce36e90a3dcf540cf82ab9d9f61e085c05d807a644411
Gentoo Linux Security Advisory 202305-35
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25731, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742
SHA-256 | 80fb46eeb6bf6b4a190797c274bb247b815138162b8deea3f7a113e5d441ebc6
Gentoo Linux Security Advisory 202305-36
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-36 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25740
SHA-256 | cf32af8db7f48a44b2fe2d1424fd1ad7ec5f57e5c79d44dd0561f7d2a05b5ea4
Debian Security Advisory 5408-1
Posted May 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2023-1999
SHA-256 | 914d777520963dd3f76daa3201f29d0daa6b00ad5b9b1a5b2888178a4edb5318
Ubuntu Security Notice USN-6078-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6078-1 - Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-1999
SHA-256 | 99fe43716a9a23c0343467babea169fb8c83d3207c94af57936eb6370c7cdfa8
Red Hat Security Advisory 2023-2110-01
Posted May 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-46146, CVE-2023-0286, CVE-2023-1999, CVE-2023-28617
SHA-256 | 4e216a91a43a7b8927163cc64253bfb9385719276af01ea8051621c425a5d012
Red Hat Security Advisory 2023-2085-01
Posted May 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2085-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | 53c2da02a652387fed667edf0e66f0a8268b4d564d0c049363c85ee6d8a43383
Red Hat Security Advisory 2023-2084-01
Posted May 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2084-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | 4004010ea54c5d4d427ab1fb2f9acb3a6e7a1745175f804867815500bf6dabe2
Red Hat Security Advisory 2023-2076-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2076-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | a6b24614d5bc97178291df5105988fb3bcd7a84f1b24deba4cdd6cdca7dc1bfe
Red Hat Security Advisory 2023-2072-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2072-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | f818fb5b873bc96714472cc940b2c26b571a752dbdc2c2d767bf78fe21306dd4
Red Hat Security Advisory 2023-2077-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2077-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | 1de2fde981d3134afbf14dda1102e581070981b0a123efb5550e5ae45b95a4d7
Red Hat Security Advisory 2023-2073-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2073-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | e2a9600ff2e5e2294beb580173b9ac886ac929716bf1a8d1f3cbb6409fc40e49
Red Hat Security Advisory 2023-2078-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2078-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | 904f21c57132ce5c1f359b887916aac166f8c087e79cd5c8c7b963411732a561
Red Hat Security Advisory 2023-2075-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2075-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-1999
SHA-256 | 117cc581bc12e277be631c30a729aae935873c6a65037edec0158053c57faa12
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close