OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7bfe993af30e7238df5045c1f24bb41b5c17653b
advisory-db/crates/libwebp-sys2/RUSTSEC-2023-0060.md
Kornel b2af5ad856 Update info about CVE-2023-5129 (#1793)
2023-09-26 15:50:50 +02:00

19 lines
681 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2023-0060"
package = "libwebp-sys2"
date = "2023-09-12"
categories = ["memory-corruption"]
keywords = ["webp"]
aliases = ["CVE-2023-5129", "CVE-2023-4863"]
[versions]
patched = [">= 0.1.8"]
```
# libwebp: OOB write in BuildHuffmanTable
[Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.
libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".
Reference in New Issue View Git Blame Copy Permalink