[URGENT] CVE-2023-4863 in libwebp below 1.3.2 - XnView Software

[URGENT] CVE-2023-4863 in libwebp below 1.3.2

Moderators: helmut, XnTriq, xnview, Dreamer

3 posts • Page 1 of 1

sandthorn: Posts: 10; Joined: Sat Jan 09, 2010 11:28 am

[URGENT] CVE-2023-4863 in libwebp below 1.3.2

Quote

Post by sandthorn » Tue Oct 10, 2023 3:22 pm

[URGENT] Please update the webp plugin to 1.3.2
- https://github.com/webmproject/libwebp/blob/main/NEWS
- https://nvd.nist.gov/vuln/detail/CVE-2023-4863

I'm not sure whether XnView bundle the vpx plugin.
If so, please also update the vpx plugin to 1.13.1
- https://github.com/webmproject/libvpx/b ... /CHANGELOG
- https://nvd.nist.gov/vuln/detail/CVE-2023-5217

High-Severity Vulnerabilities Discovered in WebM Project’s Libraries
https://www.paloaltonetworks.com/blog/p ... libraries/

xnview: Author of XnView; Posts: 46236; Joined: Mon Oct 13, 2003 7:31 am; Location: France; Contact:
Contact xnview

Website Facebook Twitter

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Quote

Post by xnview » Tue Oct 10, 2023 5:20 pm

Please check this post

Pierre.

sandthorn: Posts: 10; Joined: Sat Jan 09, 2010 11:28 am

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Quote

Post by sandthorn » Wed Oct 11, 2023 3:20 pm

Got the hot patch. Looking forward to the 1.6. Thank you.

Post Reply

3 posts • Page 1 of 1

Return to “New”