{ "threat_severity" : "Important", "public_date" : "2018-07-30T00:00:00Z", "bugzilla" : { "description" : "libwebp: heap-based buffer overflow in PutLE16()", "id" : "1956919", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, "cvss3" : { "cvss3_base_score" : "9.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().", "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ], "statement" : "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-06-07T00:00:00Z", "advisory" : "RHSA-2021:2260", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "libwebp-0:0.3.0-10.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-06-08T00:00:00Z", "advisory" : "RHSA-2021:2328", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qt5-qtimageformats-0:5.9.7-2.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-06-09T00:00:00Z", "advisory" : "RHSA-2021:2354", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libwebp-0:1.0.0-3.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2021-06-09T00:00:00Z", "advisory" : "RHSA-2021:2365", "cpe" : "cpe:/a:redhat:rhel_eus:8.1", "package" : "libwebp-0:1.0.0-4.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-06-09T00:00:00Z", "advisory" : "RHSA-2021:2364", "cpe" : "cpe:/a:redhat:rhel_eus:8.2", "package" : "libwebp-0:1.0.0-4.el8_2" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-operator-bundle:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "libwebp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-25011\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25011" ], "name" : "CVE-2018-25011", "csaw" : false }