Tags: fixed-upstream

Using webp-dev on buster with test file bug.c from the second bug
mentioned above compiled with -lwebp, malloc reported: "free():
corrupted unsorted chunks" within WebPIDelete().

This suggests to me that the bug may be exploitable on systems with
libwebp6 installed - of which there are far more than when this
package was introduced.
https://qa.debian.org/popcon-graph.php?packages=libwebp-dev+libwebp6+libwebpmux3+libwebpdemux2+webp&show_installed=on&want_legend=on&want_ticks=on&from_date=2016-03-01&date_fmt=%25Y-%25m&beenhere=1

As such, I've raised the priority. I don't know which packages use
libwebp6 in threaded mode, but a change in this may not be noted in
changelogs anyway.

As the maintainer appears inactive, I request assistance from the
security team to address this issue.

Best regards,
-- 
Laurence "GreenReaper" Parry - Inkbunny administrator
https://www.greenreaper.co.uk/ - https://inkbunny.net/

Reply via email to