Vulnerabilities > Webmproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-21 | CVE-2020-36330 | Out-of-bounds Read vulnerability in multiple products A flaw was found in libwebp in versions before 1.0.1. | 6.4 |
| 2019-05-23 | CVE-2016-9969 | Double Free vulnerability in Webmproject Libwebp 0.5.1 In libwebp 0.5.1, there is a double free bug in libwebpmux. | 5.1 |
| 2019-03-13 | CVE-2019-9746 | NULL Pointer Dereference vulnerability in Webmproject Libwebm In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. | 5.0 |
| 2018-11-12 | CVE-2018-19212 | Always-Incorrect Control Flow Implementation vulnerability in Webmproject Libwebm In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. | 4.3 |
| 2018-01-30 | CVE-2018-6406 | Out-of-bounds Read vulnerability in Webmproject Libwebm The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. | 6.8 |
| 2012-02-23 | CVE-2012-0823 | Improper Input Validation vulnerability in Webmproject Libvpx VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". | 5.0 |