Update info about CVE-2023-5129 (#1793)

2025-12-27 23:08:06 +01:00 · 2023-09-26 14:50:50 +01:00
parent 8c5609f192
commit b2af5ad856
2 changed files with 4 additions and 4 deletions
--- a/crates/libwebp-sys/RUSTSEC-2023-0061.md
+++ b/crates/libwebp-sys/RUSTSEC-2023-0061.md
@@ -5,7 +5,7 @@ package = "libwebp-sys"
 date = "2023-09-12"
 categories = ["memory-corruption"]
 keywords = ["webp"]
-aliases = ["CVE-2023-4863"]
+aliases = ["CVE-2023-5129", "CVE-2023-4863"]

 [versions]
 patched = [">= 0.9.3"]
@@ -15,4 +15,4 @@ patched = [">= 0.9.3"]

 [Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

-libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".
+libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".
--- a/crates/libwebp-sys2/RUSTSEC-2023-0060.md
+++ b/crates/libwebp-sys2/RUSTSEC-2023-0060.md
@@ -5,7 +5,7 @@ package = "libwebp-sys2"
 date = "2023-09-12"
 categories = ["memory-corruption"]
 keywords = ["webp"]
-aliases = ["CVE-2023-4863"]
+aliases = ["CVE-2023-5129", "CVE-2023-4863"]

 [versions]
 patched = [">= 0.1.8"]
@@ -15,4 +15,4 @@ patched = [">= 0.1.8"]

 [Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

-libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".
+libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".