There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
References
Link | Resource |
---|---|
https://chromium.googlesource.com/webm/libwebp | Product |
https://security.gentoo.org/glsa/202309-05 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Google
Published: 2023-06-20T11:28:52.547Z
Updated: 2023-06-20T11:28:52.547Z
Reserved: 2023-04-12T09:40:34.560Z
Link: CVE-2023-1999
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-20T12:15:09.600
Modified: 2023-09-17T09:15:12.183
Link: CVE-2023-1999
JSON object: View
Redhat Information
No data.