[CLSA-2025:1759157126] libwebp: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2025-09-29 14:45:31 UTC
Description:
- CVE-2020-36329: fix use-after-free vulnerability by delaying thread termination - CVE-2020-36330: fix out-of-bounds read in ChunkVerifyAndAssign function - CVE-2020-36331: fix out-of-bounds read in ChunkAssignData function
Updated packages:
  • libwebp-0.4.3-3.el6.tuxcare.els3.i686.rpm
    sha:eedb79ad488bda718b874d5fc070b7d826c768305c803bc7f090856adf0b6b49
  • libwebp-0.4.3-3.el6.tuxcare.els3.x86_64.rpm
    sha:2113a9c1f9aa00d494a883237f0d83f26b451c1e6cbc360f08ee4f4e2d1ab419
  • libwebp-devel-0.4.3-3.el6.tuxcare.els3.i686.rpm
    sha:5301584433a94b4ea9210fee8a1fc4dcb92fcf17c297ee090c6b512c77012463
  • libwebp-devel-0.4.3-3.el6.tuxcare.els3.x86_64.rpm
    sha:baabe626629f271c1b406c1139d352ff7a0c7307524df9353f79a9c48e66417f
  • libwebp-java-0.4.3-3.el6.tuxcare.els3.x86_64.rpm
    sha:de3f7a019cc3fc56125044aa59d22f22bb9017294acd8af7d97d632f3eb3128b
  • libwebp-tools-0.4.3-3.el6.tuxcare.els3.x86_64.rpm
    sha:fa5dd41e9a9079e2c6c2cf1fc38bddbac13c5a1776e077ffa4e9dba529be76a5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.