You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As we can see - https://devhub.checkmarx.com/cve-details/CVE-2023-4863/ says that package is vulnerable.
Description: A Heap-Based Buffer Overflow vulnerability in "libwebp" in versions prior to 1.3.2 allows an attacker to perform an out-of-bounds memory write. The vulnerability could be exploited by a remote attacker via a crafted HTML page, potentially leading to unauthorized code execution or a denial of service condition. To exploit the vulnerability, the user must be able to manipulate the value in "color_cache_bits". This package is used by various applications that are also affected if a vulnerable version of "libwebp" is in use, including Google Chrome in versions prior to 116.0.5845.187.
The text was updated successfully, but these errors were encountered:
As we can see - https://devhub.checkmarx.com/cve-details/CVE-2023-4863/ says that package is vulnerable.
Description:
A Heap-Based Buffer Overflow vulnerability in "libwebp" in versions prior to 1.3.2 allows an attacker to perform an out-of-bounds memory write. The vulnerability could be exploited by a remote attacker via a crafted HTML page, potentially leading to unauthorized code execution or a denial of service condition. To exploit the vulnerability, the user must be able to manipulate the value in "color_cache_bits". This package is used by various applications that are also affected if a vulnerable version of "libwebp" is in use, including Google Chrome in versions prior to 116.0.5845.187.
The text was updated successfully, but these errors were encountered: