CVE-2018-25013: Buffer Overflow

Q: What is CVE-2018-25013?

CVE-2018-25013 is a heap-based buffer overflow vulnerability found in libwebp in versions before 1.0.1 in the ShiftBytes() function.

Q: What is the severity of CVE-2018-25013?

The severity of CVE-2018-25013 is critical with a CVSS score of 9.1.

Q: Which software versions are affected by CVE-2018-25013?

The following software versions are affected by CVE-2018-25013: libwebp versions before 1.0.1, Mozilla Firefox ESR (up to version 1.0.1), and Redhat Enterprise Linux 8.0.

Q: How can I fix CVE-2018-25013?

To fix CVE-2018-25013, update libwebp to version 1.0.1 or later.

Q: Where can I find more information about CVE-2018-25013?

You can find more information about CVE-2018-25013 at the following references: [Reference 1](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi?id=1956926), [Reference 3](https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6).

Published May 4, 2021

Updated

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

Affected Software

4 affected componentsFixes available

debian/libwebp

0.6.1-2+deb10u10.6.1-2+deb10u30.6.1-2.1+deb11u21.2.4-0.2+deb12u11.3.2-0.3

redhat/libwebp<1.0.1

1.0.1

webmproject Libwebp<1.0.1

redhat Enterprise Linux=8.0

Remediation

Patch Available

https://bugzilla.redhat.com/show_bug.cgi?id=1956926

Event History

May 21, 2021

CVE Published

via MITRE·04:27 PM

Data Sourced

via MITRE·04:27 PM

DescriptionWeakness

Frequently Asked Questions

What is CVE-2018-25013?

CVE-2018-25013 is a heap-based buffer overflow vulnerability found in libwebp in versions before 1.0.1 in the ShiftBytes() function.

What is the severity of CVE-2018-25013?

The severity of CVE-2018-25013 is critical with a CVSS score of 9.1.

Which software versions are affected by CVE-2018-25013?