libwebp-devel (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package libwebp-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-36330 — CVSS 9.1 (critical): A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat…
CVE-2020-36331 — CVSS 9.1 (critical): A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from…
CVE-2020-36332 — CVSS 7.5 (high): A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest…
CVE-2023-1999 — CVSS 5.3 (medium): There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free…