NVD Vulnerability Detail

CVE-2020-36328

Summary	A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Publication Date	May 22, 2021, 2:15 a.m.
Registration Date	May 22, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 2:29 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:webmproject:libwebp::::::::					1.0.1

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/fulldisclosure/2021/Jul/54	Mailing List Third Party Advisory
2	http://seclists.org/fulldisclosure/2021/Jul/54	Mailing List Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=1956829	Issue Tracking Patch Release Notes Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=1956829	Issue Tracking Patch Release Notes Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html	Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html	Mailing List Third Party Advisory
7	https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html	Mailing List Third Party Advisory
8	https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html	Mailing List Third Party Advisory
9	https://security.netapp.com/advisory/ntap-20211112-0001/	Third Party Advisory
10	https://security.netapp.com/advisory/ntap-20211112-0001/	Third Party Advisory
11	https://support.apple.com/kb/HT212601	Third Party Advisory
12	https://support.apple.com/kb/HT212601	Third Party Advisory
13	https://www.debian.org/security/2021/dsa-4930	Third Party Advisory
14	https://www.debian.org/security/2021/dsa-4930	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

libwebp における境界外書き込みに関する脆弱性

Title	libwebp における境界外書き込みに関する脆弱性
Summary	libwebp には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 23, 2018, midnight
Registration Date	Jan. 27, 2022, 6:07 p.m.
Last Update	Jan. 27, 2022, 6:07 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

アップル

iOS

iPadOS

Debian

Debian GNU/Linux

NetApp

ONTAP Select Deploy administration utility

The WebM Project

libwebp 1.0.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-36328	https://www.cve.org/CVERecord?id=CVE-2020-36328
National Vulnerability Database (NVD)
2	CVE-2020-36328	https://nvd.nist.gov/vuln/detail/CVE-2020-36328

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT212601	https://support.apple.com/en-us/HT212601
Apple セキュリティアップデート
2	HT212601	https://support.apple.com/ja-jp/HT212601
chromium
3	Issue 383: heap-buffer-overflow in WebPDecode*Into functions	https://bugs.chromium.org/p/webp/issues/detail?id=383
Debian
4	[SECURITY] [DLA 2672-1] libwebp security update	https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
5	[SECURITY] [DLA 2677-1] libwebp security update	https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
Debian Security Advisory
6	DSA-4930-1	https://www.debian.org/security/2021/dsa-4930
NetApp Advisory
7	NTAP-20211112-0001	https://security.netapp.com/advisory/ntap-20211112-0001/
Red Hat Bugzilla
8	Bug 1956829	https://bugzilla.redhat.com/show_bug.cgi?id=1956829

Change Log

No	Changed Details	Date of change
1	[2022年01月27日] 掲載	Jan. 27, 2022, 6:07 p.m.