The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but in the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format.

It has received a “perfect” CVSS score (10.0), which means it’s as critical as it can possibly be. The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap buffer overflow and to execute arbitrary code. CVE-2023-5129 affects libwebp versions 0.5.0 to 1.3.1, and has been fixed in version 1.3.2.

The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of CVE-2023-4863. The entry for the latter has been broadened to include its impact on the libwebp library.
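Because libwebp ships inside many applications, the practical follow-up is an inventory check. The sketch below is an added example, not code from the original article or from the libwebp project: it walks a CycloneDX-style SBOM and flags libwebp components in the affected range stated above. The SBOM contents, the function names and the `libwebp*` name match are assumptions made for illustration.

```python
import json
import re

# Range stated in the article: affected 0.5.0 through 1.3.1, fixed in 1.3.2.
FIRST_AFFECTED = (0, 5, 0)
FIRST_FIXED = (1, 3, 2)

def parse_version(text):
    """'1.3.1', 'v1.3.2', '1:1.2.4-0.3' -> (major, minor, patch); None if unparseable."""
    text = re.sub(r"^\d+:", "", text.strip().lstrip("vV"))  # drop 'v' prefix and epoch
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(version_text):
    """Compare an upstream version against the affected range."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # cannot decide: inspect manually
    # A distribution build may carry a backported fix under an older version
    # number, so "affected" means "confirm against the vendor advisory".
    return "affected" if FIRST_AFFECTED <= v < FIRST_FIXED else "not-affected"

def find_libwebp(components, path=""):
    """Walk CycloneDX-style components (nesting allowed); yield (path, version, status)."""
    for comp in components:
        name = comp.get("name", "")
        here = f"{path}/{name}" if path else name
        # Assumption: the library is inventoried under a name starting "libwebp".
        if name.lower().startswith("libwebp"):
            version = comp.get("version", "")
            yield here, version, classify(version)
        yield from find_libwebp(comp.get("components", []), here)

# Constructed sample SBOM, not taken from any real product.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "image-service", "version": "2.4.0", "components": [
    {"name": "libwebp", "version": "1.3.1"},
    {"name": "zlib", "version": "1.3"}]},
  {"name": "libwebp7", "version": "1.2.4-0.3"},
  {"name": "libwebp", "version": "v1.3.2"},
  {"name": "libwebp", "version": "0.4.4"},
  {"name": "libwebp", "version": "unknown"}
]}
""")

if __name__ == "__main__":
    for path, version, status in find_libwebp(SAMPLE_SBOM["components"]):
        print(f"{status:13} {path} {version!r}")
```

An SBOM only lists what was declared at build time, so copies of libwebp that were vendored or statically linked without being recorded will not appear in this scan.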