VDB
CVE-2020-36332
CVE-2020-36332
PUBLISHED
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
EPSS 0.82% · 74.7th percentile
Risk Scores
EPSS Score
0.82%
74.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libwebp | 0.6.0-3, 0.6.0-4, 0.6.1-1 |
| Ubuntu:Pro:16.04:LTS | libwebp | 0, 0.4.3-1.3, 0.4.3-1.3build1 |
| Ubuntu:20.04:LTS | libwebp | 0, 0.6.1-2 |
Timeline
- Dec 31, 2020 CVE Published
- May 22, 2021 EPSS Score
- Jul 24, 2021 EPSS Score
- Sep 24, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 25, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Nov 29, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36332 third-party-advisory
- https://ubuntu.com/security/notices/USN-4971-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36332 third-party-advisory