Security problem - old webp Plugin ( CVE-2023-4863 )

*** Please report new bugs here! ***

Moderators: XnTriq, helmut, xnview, Dreamer

psyca
Posts: 2
Joined: Mon Oct 02, 2023 6:25 am

Security problem - old webp Plugin ( CVE-2023-4863 )

Post by psyca »

If i look in the /XnViewMP/plugins directory i see different webp.dll_s with version 1.3.0.
Since there is an security bug (buffer overflow) in versions before 1.3.2 its recommend to update the dlls.

https://nvd.nist.gov/vuln/detail/CVE-2023-4863
User avatar
xnview
Author of XnView
Posts: 44470
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Security problem - old webp Plugin ( CVE-2023-4863 )

Post by xnview »

plese check this post
Pierre.
psyca
Posts: 2
Joined: Mon Oct 02, 2023 6:25 am

Re: Security problem - old webp Plugin ( CVE-2023-4863 )

Post by psyca »

Are there any plans to release XNV-MP 1.5.6 with the updated lib (Hotfix update) soon?
User avatar
xnview
Author of XnView
Posts: 44470
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Security problem - old webp Plugin ( CVE-2023-4863 )

Post by xnview »

1.6.0 will be available soon
Pierre.