CVE-2023-1999
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
Affected (1)
Products: Webmproject: Libwebp
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 0.4.2 to 1.3.1 |
Related CWEs
CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
References (4)
Source: cve-coordination@google.com
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.