USN-4971-1: libwebp vulnerabilities
1 June 2021
libwebp could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- libwebp - Lossy compression of digital photographic images.
Details
It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could use this issue to cause libwebp
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04
-
libwebp6
-
0.6.1-2ubuntu0.21.04.1
-
libwebpmux3
-
0.6.1-2ubuntu0.21.04.1
-
libwebpdemux2
-
0.6.1-2ubuntu0.21.04.1
Ubuntu 20.10
-
libwebp6
-
0.6.1-2ubuntu0.20.10.1
-
libwebpmux3
-
0.6.1-2ubuntu0.20.10.1
-
libwebpdemux2
-
0.6.1-2ubuntu0.20.10.1
Ubuntu 20.04
-
libwebp6
-
0.6.1-2ubuntu0.20.04.1
-
libwebpmux3
-
0.6.1-2ubuntu0.20.04.1
-
libwebpdemux2
-
0.6.1-2ubuntu0.20.04.1
Ubuntu 18.04
-
libwebp6
-
0.6.1-2ubuntu0.18.04.1
-
libwebpmux3
-
0.6.1-2ubuntu0.18.04.1
-
libwebpdemux2
-
0.6.1-2ubuntu0.18.04.1
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4971-2: libwebpdemux1, webp, libwebpmux1, libwebp-dev, libwebp, libwebp5