Skip to content

Update the version of libwebp used #3

Description

@xTrayambak

This library uses its own in-tree version of libwebp, which was last modified 4 years ago. In that time, multiple high-severity CVEs have been found in libwebp. The worst is:

CVE-2023-4863: Out of bounds memory write via a maliciously crafted WebP image (CVE rating of 10/10)

Until this is fixed, this library is vulnerable to said attack and is unsafe to use!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions