Libwebp
CVE-2016-9085
LOW
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
AnalysisAI
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Affected products include: Webmproject Libwebp, Fedoraproject Fedora.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
There exists a use after free/double free in libwebp. Rated high severity (CVSS 7.5), this vulnerability is remotely exp
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today