{"id":"CLSA-2026-1777974224","summary":"libwebp: Fix of 6 CVEs","details":"- CVE-2018-25009: fix out-of-bounds read in GetLE16() by validating VP8X\n  chunk size\n- CVE-2018-25010: fix heap-based buffer overflow in ApplyFilter() by\n  limiting filter radius to image dimensions\n- CVE-2018-25011: fix heap-based buffer overflow in PutLE16() by\n  rejecting multiple image chunks in ANMF frames\n- CVE-2018-25012: fix out-of-bounds read in GetLE24() by validating VP8X\n  chunk size\n- CVE-2018-25013: fix heap-based buffer overflow in ShiftBytes() by\n  synchronizing threads in DecodeRemaining\n- CVE-2018-25014: fix use of uninitialized value in ReadSymbol() by\n  validating decoder readiness and synchronizing threads","modified":"2026-05-27T11:18:21.571781963Z","published":"2026-05-05T23:41:05Z","upstream":["CVE-2018-25009","CVE-2018-25010","CVE-2018-25011","CVE-2018-25012","CVE-2018-25013","CVE-2018-25014"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos6els/CLSA-2026-1777974224.html"}],"affected":[{"package":{"name":"libwebp","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/libwebp?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.3-3.el6.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777974224.json"}},{"package":{"name":"libwebp-devel","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/libwebp-devel?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.3-3.el6.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777974224.json"}},{"package":{"name":"libwebp-java","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/libwebp-java?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.3-3.el6.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777974224.json"}},{"package":{"name":"libwebp-tools","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/libwebp-tools?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.3-3.el6.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777974224.json"}}],"schema_version":"1.7.5"}