Shodan
Vulnerabilities
Vulnerable Software
Webmproject:  Security Vulnerabilities
CVE-2018-25013
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
CVSS Score
9.1
EPSS Score
0.001
Published
2021-05-21
CVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
CVSS Score
9.8
EPSS Score
0.002
Published
2021-05-21
CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-05-21
CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-05-21
CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVSS Score
9.1
EPSS Score
0.002
Published
2021-05-21
CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-05-21
CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-05-21
CVE-2016-9969
In libwebp 0.5.1, there is a double free bug in libwebpmux.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-23
CVE-2019-9746
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-03-13
CVE-2018-19212
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved