libwebp 0.6.1-2ubuntu0.18.04.1 source package in Ubuntu

Changelog

libwebp (0.6.1-2ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24()
    - debian/patches/CVE-2018-25009.patch: check data_size in
      src/mux/muxread.c.
    - CVE-2018-25009
    - CVE-2018-25012
  * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter()
    - debian/patches/CVE-2018-25010.patch: limit the filter size in
      src/utils/quant_levels_dec_utils.c.
    - CVE-2018-25010
  * SECURITY UPDATE: heap-based buffer overflow in PutLE16()
    - debian/patches/CVE-2018-25011.patch: limit number of image chunks in
      src/mux/muxread.c.
    - CVE-2018-25011
  * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in
    ReadSymbol()
    - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be
      done in DecodeRemaining in src/dec/idec_dec.c.
    - CVE-2018-25013
    - CVE-2018-25014
  * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions
    - debian/patches/CVE-2020-36328.patch: fix buffer size check in
      src/dec/buffer_dec.c.
    - CVE-2020-36328
  * SECURITY UPDATE: use-after-free in EmitFancyRGB()
    - debian/patches/CVE-2020-36329.patch: fix thread race
      heap-use-after-free in src/dec/idec_dec.c.
    - CVE-2020-36329
  * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign()
    - debian/patches/CVE-2020-36330.patch: fix riff size checks in
      src/mux/muxread.c.
    - CVE-2020-36330
  * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData()
    - debian/patches/CVE-2020-36331.patch: validate chunk_size in
      src/mux/muxi.h, src/mux/muxread.c.
    - CVE-2020-36331
  * SECURITY UPDATE: extreme memory allocation when reading a file
    - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation
      when reading invalid Huffman codes in src/dec/vp8l_dec.c.
    - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman
      codes in src/dec/vp8l_dec.c.
    - CVE-2020-36332

 -- Marc Deslauriers <email address hidden>  Thu, 20 May 2021 07:52:26 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates main libs
Bionic security main libs

Downloads

File Size SHA-256 Checksum
libwebp_0.6.1.orig.tar.gz 3.4 MiB a86045e3ec24704bddbaa369ca30980d6bf4f2625f4cdca03715e91f9c08bbb4
libwebp_0.6.1-2ubuntu0.18.04.1.debian.tar.xz 16.4 KiB 54f72e602cd0f3e2a2a6e00d30a5487c7c695893d615c83faf1ec0eade73d9cf
libwebp_0.6.1-2ubuntu0.18.04.1.dsc 2.1 KiB 7b70372b271045413bc5e505c32ab18f3d1091f3534d5197ee37df68fc48a112

View changes file

Binary packages built by this source

libwebp-dev: Lossy compression of digital photographic images.

 Image Compression format, based on the VP8 codec.
 WebP uses the modern VP8 compression format to deliver efficient
 compression of images for the web. More than 30% extra gain over
 optimized JPEG, for same quality, is not unusual.

libwebp6: Lossy compression of digital photographic images.

 Image Compression format, based on the VP8 codec.
 WebP uses the modern VP8 compression format to deliver efficient
 compression of images for the web. More than 30% extra gain over
 optimized JPEG, for same quality, is not unusual.

libwebp6-dbgsym: debug symbols for libwebp6
libwebpdemux2: Lossy compression of digital photographic images.

 Image Compression format, based on the VP8 codec.
 WebP uses the modern VP8 compression format to deliver efficient
 compression of images for the web. More than 30% extra gain over
 optimized JPEG, for same quality, is not unusual.

libwebpdemux2-dbgsym: debug symbols for libwebpdemux2
libwebpmux3: Lossy compression of digital photographic images.

 Image Compression format, based on the VP8 codec.
 WebP uses the modern VP8 compression format to deliver efficient
 compression of images for the web. More than 30% extra gain over
 optimized JPEG, for same quality, is not unusual.

libwebpmux3-dbgsym: debug symbols for libwebpmux3
webp: Lossy compression of digital photographic images.

 Image Compression format, based on the VP8 codec.
 WebP uses the modern VP8 compression format to deliver efficient
 compression of images for the web. More than 30% extra gain over
 optimized JPEG, for same quality, is not unusual.

webp-dbgsym: debug symbols for webp