High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-30	CVE-2023-44488	Improper Handling of Exceptional Conditions vulnerability in multiple products VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. network low complexity webmproject redhat debian fedoraproject CWE-755	7.5
2023-09-28	CVE-2023-5217	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity webmproject microsoft mozilla fedoraproject debian apple google redhat CWE-787	8.8
2023-09-12	CVE-2023-4863	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. network low complexity google fedoraproject debian mozilla microsoft webmproject netapp bentley bandisoft CWE-787	8.8
2023-06-20	CVE-2023-1999	Use After Free vulnerability in Webmproject Libwebp There exists a use after free/double free in libwebp. network low complexity webmproject CWE-416	7.5
2021-05-21	CVE-2020-36332	Resource Exhaustion vulnerability in multiple products A flaw was found in libwebp in versions before 1.0.1. network low complexity webmproject redhat debian netapp CWE-400	7.5
2019-05-23	CVE-2016-9969	Double Free vulnerability in Webmproject Libwebp 0.5.1 In libwebp 0.5.1, there is a double free bug in libwebpmux. network high complexity webmproject CWE-415	7.5
2019-03-13	CVE-2019-9746	NULL Pointer Dereference vulnerability in Webmproject Libwebm In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. network low complexity webmproject CWE-476	7.5
2018-01-30	CVE-2018-6406	Out-of-bounds Read vulnerability in Webmproject Libwebm The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. network low complexity webmproject CWE-125	8.8