[URGENT] CVE-2023-4863 in libwebp below 1.3.2

*** Please report new bugs here! ***

Moderators: XnTriq, helmut, xnview, Dreamer

sandthorn
Posts: 10
Joined: Sat Jan 09, 2010 11:28 am

[URGENT] CVE-2023-4863 in libwebp below 1.3.2

Post by sandthorn »

[URGENT] Please update the webp plugin to 1.3.2
- https://github.com/webmproject/libwebp/blob/main/NEWS
- https://nvd.nist.gov/vuln/detail/CVE-2023-4863

I'm not sure whether XnView bundle the vpx plugin.
If so, please also update the vpx plugin to 1.13.1
- https://github.com/webmproject/libvpx/b ... /CHANGELOG
- https://nvd.nist.gov/vuln/detail/CVE-2023-5217

High-Severity Vulnerabilities Discovered in WebM Project’s Libraries
https://www.paloaltonetworks.com/blog/p ... libraries/
User avatar
xnview
Author of XnView
Posts: 44470
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Post by xnview »

Please check this post
Pierre.
sandthorn
Posts: 10
Joined: Sat Jan 09, 2010 11:28 am

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Post by sandthorn »

Got the hot patch. Looking forward to the 1.6. Thank you.