Security update for libwebp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01639-2 Final 1 1 2025-06-10T08:12:48Z current 2025-06-10T08:12:48Z 2025-06-10T08:12:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libwebp This update for libwebp fixes the following issues: - CVE-2016-9969: freeing of uninitialized memory pointer in SetFrame() of AnimEncoder can lead to double free (bsc#1136199). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1639,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1639,SUSE-SLE-Product-WE-15-SP7-2025-1639 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501639-2/ Link for SUSE-SU-2025:01639-2 https://lists.suse.com/pipermail/sle-updates/2025-June/040204.html E-Mail link for SUSE-SU-2025:01639-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1136199 SUSE Bug 1136199 https://www.suse.com/security/cve/CVE-2016-9969/ SUSE CVE CVE-2016-9969 page SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 libwebp-devel-0.5.0-150000.3.17.1 libwebp-devel-32bit-0.5.0-150000.3.17.1 libwebp-devel-64bit-0.5.0-150000.3.17.1 libwebp-tools-0.5.0-150000.3.17.1 libwebp6-0.5.0-150000.3.17.1 libwebp6-32bit-0.5.0-150000.3.17.1 libwebp6-64bit-0.5.0-150000.3.17.1 libwebpdecoder2-0.5.0-150000.3.17.1 libwebpdecoder2-32bit-0.5.0-150000.3.17.1 libwebpdecoder2-64bit-0.5.0-150000.3.17.1 libwebpdemux2-0.5.0-150000.3.17.1 libwebpdemux2-32bit-0.5.0-150000.3.17.1 libwebpdemux2-64bit-0.5.0-150000.3.17.1 libwebpextras0-0.5.0-150000.3.17.1 libwebpextras0-32bit-0.5.0-150000.3.17.1 libwebpextras0-64bit-0.5.0-150000.3.17.1 libwebpmux2-0.5.0-150000.3.17.1 libwebpmux2-32bit-0.5.0-150000.3.17.1 libwebpmux2-64bit-0.5.0-150000.3.17.1 libwebp6-32bit-0.5.0-150000.3.17.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libwebp6-0.5.0-150000.3.17.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 In libwebp 0.5.1, there is a double free bug in libwebpmux. CVE-2016-9969 SUSE Linux Enterprise Module for Package Hub 15 SP7:libwebp6-32bit-0.5.0-150000.3.17.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwebp6-0.5.0-150000.3.17.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501639-2/ https://www.suse.com/security/cve/CVE-2016-9969.html CVE-2016-9969 https://bugzilla.suse.com/1136199 SUSE Bug 1136199