We scanned the same host (CentOS Linux release 7.6.1810 (Core)) with two vulnerability scanners (Nessus and Rapid7).

- Rapid7 reported that libwebp-0:0.3.0-7.el7.x86_64 is vulnerable to CVE-2020-36328.
- Nessus did not report a vulnerability; the plugin "CentOS 7 : qt5-qtimageformats (CESA-2021:2328)" did not fire.

The installed library (libwebp-0:0.3.0-7.el7.x86_64) is used by python-pillow-0:2.0.0-19.gitd1c6db8.el7.x86_64 and not by qt5-qtimageformats (against which the test is done).

My question: which of these two scanners is reporting correct information? Or, in other words: is this vulnerability strictly linked to the package that uses it, or is a standalone library vulnerable as well?
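Because a shared library's exposure depends on which processes actually load it, not on which package an advisory happens to name, a useful check is to list the running processes that have the library mapped. The script below is an added example, not code from the question or from either scanner; it assumes a Linux host with /proc, and the sample maps text is constructed.

```python
"""Which running processes have a given shared library mapped?

Added example (not from the original post). Assumes a Linux host with
/proc; SAMPLE_MAPS is constructed to resemble /proc/<pid>/maps.
"""
from __future__ import annotations

import os
import re

# One line of /proc/<pid>/maps: address perms offset dev inode [path]
_MAPS_LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+\s+(?P<path>/.*)$")


def mapped_libraries(maps_text: str) -> set[str]:
    """Return the file-backed mappings whose filename looks like a shared object."""
    libs = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if m and ".so" in os.path.basename(m.group("path")):
            libs.add(m.group("path"))
    return libs


def processes_loading(lib_substring: str) -> dict[int, str]:
    """Map pid -> executable path for every process with a matching library mapped."""
    hits: dict[int, str] = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/maps") as fh:
                libs = mapped_libraries(fh.read())
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # process exited, or not ours to inspect
        if any(lib_substring in lib for lib in libs):
            hits[pid] = exe
    return hits


# Constructed sample: a Python process that has loaded libwebp via Pillow
SAMPLE_MAPS = """\
00400000-006ec000 r-xp 00000000 fd:00 123                /usr/bin/python2.7
7f1a2c000000-7f1a2c021000 rw-p 00000000 00:00 0
7f1a2c400000-7f1a2c42d000 r-xp 00000000 fd:00 456        /usr/lib64/libwebp.so.4.0.2
7f1a2c800000-7f1a2c9c3000 r-xp 00000000 fd:00 789        /usr/lib64/libc-2.17.so
7ffd1e3f0000-7ffd1e3f2000 r-xp 00000000 00:00 0          [vdso]
"""

if __name__ == "__main__":
    for pid, exe in sorted(processes_loading("libwebp").items()):
        print(pid, exe)
```

Run it as root to see every process; as an unprivileged user it only reports processes you are allowed to inspect, and a library that is installed but never mapped by any process will not appear at all.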