CVE-2018-25014

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

Configurations

Configuration 1

cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

05 Aug 2022, 16:15

Type Values Removed Values Added
Summary
  • Removed: A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
  • Added: A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4930 (DSA-4930) - Third Party Advisory
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Jul/54 (20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7) - Mailing List, Third Party Advisory
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ - Third Party Advisory
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html ([debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update) - Mailing List, Third Party Advisory
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html ([debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update) - Mailing List, Third Party Advisory
  • (CONFIRM) https://support.apple.com/kb/HT212601 - Third Party Advisory
  • (MISC) https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 -
  • (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 -

30 Nov 2021, 22:00

Type Values Removed Values Added
References (CONFIRM) https://support.apple.com/kb/HT212601 - Not Applicable (CONFIRM) https://support.apple.com/kb/HT212601 - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ - Third Party Advisory
CPE cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

17 Nov 2021, 22:16

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ -

10 Nov 2021, 01:15

Type Values Removed Values Added
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ -
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT212601 - (CONFIRM) https://support.apple.com/kb/HT212601 - Not Applicable
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Jul/54 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Jul/54 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4930 - (DEBIAN) https://www.debian.org/security/2021/dsa-4930 - Third Party Advisory

04 Nov 2021, 09:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Jul/54 -
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0004/ -

23 Jul 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT212601 -

11 Jun 2021, 12:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4930 -

06 Jun 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html -

05 Jun 2021, 20:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html -

24 May 2021, 18:15

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CWE CWE-908
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956927 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956927 - Issue Tracking, Patch, Third Party Advisory
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : 7.5, v3 : 9.8

21 May 2021, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-21 17:15

Updated : 2024-02-04 21:47


NVD link : CVE-2018-25014

Mitre link : CVE-2018-25014

CVE.ORG link : CVE-2018-25014



Products Affected

redhat

  • enterprise_linux

webmproject

  • libwebp

CWE

CWE-908

Use of Uninitialized Resource