Integer Overflow or Wraparound The advisory has been revoked - it doesn't affect any version of package libwebp Open this link in a new tab

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:18.04.

Note: Versions mentioned in the description apply only to the upstream libwebp package and not the libwebp package as distributed by Ubuntu.

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9085
• https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
• https://security-tracker.debian.org/tracker/CVE-2016-9085
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTR2ZW67TMT7KC24RBENIF25KWUJ7VPD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SH6X3MWD5AHZC5JT4625PGFHAYLR7YW7/
• https://security.gentoo.org/glsa/201701-61
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://www.openwall.com/lists/oss-security/2016/10/27/3
• https://bugzilla.redhat.com/show_bug.cgi?id=1389338
• http://www.securityfocus.com/bid/93928
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTR2ZW67TMT7KC24RBENIF25KWUJ7VPD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SH6X3MWD5AHZC5JT4625PGFHAYLR7YW7/