Processed: Re: Bug#914315: libwebp-dev: New versions fix disclosed heap use-after-free

Processing control commands: > severity -1 wishlist Bug #914315 [libwebp-dev] libwebp-dev: New versions fix disclosed heap use-after-free Severity set to 'wishlist' from 'grave' -- 914315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914315 Debian Bug Tracking System Contact ow...@bugs.deb

Bug#914315: libwebp-dev: New versions fix disclosed heap use-after-free

Control: severity -1 wishlist On 2021-03-16 09:27:12 +, Laurence Parry wrote: > Tags: fixed-upstream > > Using webp-dev on buster with test file bug.c from the second bug > mentioned above compiled with -lwebp, malloc reported: "free(): > corrupted unsorted chunks" within WebPIDelete(). > >

Bug#914315: libwebp-dev: New versions fix disclosed heap use-after-free

Tags: fixed-upstream Using webp-dev on buster with test file bug.c from the second bug mentioned above compiled with -lwebp, malloc reported: "free(): corrupted unsorted chunks" within WebPIDelete(). This suggests to me that the bug may be exploitable on systems with libwebp6 installed - of which