CVE-2023-1999
CVSS v3.1
7.5 (High)
EPSS
0.13 % (48th)
Affected Products
1
Advisories
34
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
- CVE Status
- PUBLISHED
- CNA
- Google Inc.
- Published Date
-
2023-06-20 12:15:09
(15 months ago) - Updated Date
-
2023-09-17 09:15:12
(12 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...