Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
libwebp to version 0.5.2-1+deb9u1 or higher.