Vulnerability CVE-2023-1999: Information

Description

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial, and AddressSanitizer will attempt a double free.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: June 20, 2023
Modified: Sept. 17, 2023
Error type identifier: CWE-415, CWE-416

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox-esr | sisyphus | 102.10.0-alt1 | 115.9.1-alt1 | ALT-PU-2023-1649-1 | 318816 | Fixed |
| firefox-esr | p10 | 102.10.0-alt1 | 115.9.1-alt1 | ALT-PU-2023-1797-1 | 319671 | Fixed |
| firefox-esr | p9 | 102.11.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-4365-2 | 324721 | Fixed |
| firefox-esr | c10f1 | 102.10.0-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2023-1797-1 | 319671 | Fixed |
| firefox-esr | c9f2 | 102.10.0-alt0.c9.1 | 102.12.0-alt0.c9.1 | ALT-PU-2023-1758-1 | 319753 | Fixed |
| libwebp | sisyphus | 1.3.1-alt1 | 1.3.2-alt1 | ALT-PU-2023-2105-1 | 323891 | Fixed |
| libwebp | sisyphus_e2k | 1.3.1-alt1 | 1.3.2-alt1 | ALT-PU-2023-4080-1 | - | Fixed |
| libwebp | sisyphus_mipsel | 1.3.1-alt1 | 1.3.2-alt1 | ALT-PU-2023-4066-1 | - | Fixed |
| libwebp | sisyphus_riscv64 | 1.3.1-alt1 | 1.3.2-alt1 | ALT-PU-2023-4073-1 | - | Fixed |
| libwebp | p10 | 1.3.2-alt1 | 1.3.2-alt1 | ALT-PU-2023-7312-5 | 334597 | Fixed |
| libwebp | p10_e2k | 1.3.2-alt1 | 1.3.2-alt1 | ALT-PU-2023-8290-1 | - | Fixed |
| libwebp | c9f2 | 1.3.2-alt1 | 1.3.2-alt1 | ALT-PU-2023-5876-3 | 330397 | Fixed |
| thunderbird | sisyphus | 102.10.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-1648-1 | 318817 | Fixed |
| thunderbird | p10 | 102.10.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-1783-1 | 319782 | Fixed |
| thunderbird | p9 | 102.11.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-4366-2 | 324721 | Fixed |
| thunderbird | c10f1 | 102.10.0-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2023-1783-1 | 319782 | Fixed |
| thunderbird | c9f2 | 102.10.0-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2023-1765-1 | 319783 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*
      Start including: 0.4.2
      End excluding: 1.3.1