Tags: fixed-upstream Using webp-dev on buster with test file bug.c from the second bug mentioned above compiled with -lwebp, malloc reported: "free(): corrupted unsorted chunks" within WebPIDelete().
This suggests to me that the bug may be exploitable on systems with libwebp6 installed - of which there are far more than when this package was introduced. https://qa.debian.org/popcon-graph.php?packages=libwebp-dev+libwebp6+libwebpmux3+libwebpdemux2+webp&show_installed=on&want_legend=on&want_ticks=on&from_date=2016-03-01&date_fmt=%25Y-%25m&beenhere=1 As such, I've raised the priority. I don't know which packages use libwebp6 in threaded mode, but a change in this may not be noted in changelogs anyway. As the maintainer appears inactive, I request assistance from the security team to address this issue. Best regards, -- Laurence "GreenReaper" Parry - Inkbunny administrator https://www.greenreaper.co.uk/ - https://inkbunny.net/