CVE-2023-5129 - Vulnerability in libwebp huffman table implementation #822

Closed
Balf opened this issue Sep 27, 2023 · 2 comments

Comments


Balf commented Sep 27, 2023

Hi!

@haraldk Just a quick question: The libwebp library has a vulnerability in relation to the Huffman tables. I was wondering if the ImageIO-webp implementation of the Huffman tables might be affected as well, as I'm not sure if it's a separate implementation or based on the libwebp implementation of these tables.

Kind regards,

Balf

Owner

haraldk commented Sep 28, 2023

Hi Balf,

The TwelveMonkeys ImageIO WebP plugin does not use libwebp or other native libraries. Our code is written in Java and not based on libwebp. The CVE describes the issue as a buffer overflow, which is unlikely to happen in Java code.

So to the best of my knowledge, our WebP plugin should not be affected by the vulnerability described in the CVE.

Author

Balf commented Sep 28, 2023

Hi Harald! Thanks for confirming!

Kind regards, Balf

Balf closed this as completed Sep 28, 2023