WebP format has security issues

Posted: Fri Sep 15, 2023 5:28 am
by masterjp
There is a security issue in the WebP format, which can produce a heap overflow.
All photo programs use an old webp library, which has this bug.
I think we must wait until the developer of the webp library has fixed the bug.

https://securityboulevard.com/2023/09/p ... tical-bug/

https://www.techtarget.com/searchsecuri ... nerability

Re: WebP format has security issues

Posted: Fri Sep 15, 2023 6:05 am
by xnview
it's fixed in libwebp v1.3.2

Re: WebP format has security issues

Posted: Sun Sep 17, 2023 12:34 am
by viewerr
xnview wrote: Fri Sep 15, 2023 6:05 am it's fixed in libwebp v1.3.2
how do we install it?
I heard there are already exploits out there with prepared webp images?!

Re: WebP format has security issues

Posted: Wed Sep 20, 2023 6:01 pm
by masterjp
It is not possible to replace the libwebp.dll by yourself.
In the past you could use the library of XnConvert, if it used a newer library.

Please wait until the next release of XnView MP.

P.S.: IrfanView 4.62 has the latest bug-fixed webp 1.32, but you must install it manually.
It is not compatible with XnView MP.

Re: WebP format has security issues

Posted: Thu Sep 21, 2023 6:58 am
by xnview
please try to replace with this version

Re: WebP format has security issues

Posted: Fri Sep 22, 2023 12:37 am
by viewerr
xnview wrote: Thu Sep 21, 2023 6:58 am please try to replace with this version
thanks!
seems to work :)

Re: WebP format has security issues

Posted: Fri Sep 22, 2023 11:24 am
by masterjp
Wonderful! Thank you so much! :D

Re: WebP format has security issues

Posted: Thu Nov 23, 2023 3:47 pm
by kesdoputr
xnview wrote: Thu Sep 21, 2023 6:58 am please try to replace with this version
Hello, does the webp plugin have a 32-bit version?
The newest XnView MP x64 version is 1.6.2, with libwebp 1.3.2,
but the newest XnView MP x32 version is 1.5.5, and its libwebp is still 1.3.0.

Thanks for reading.

P.S. A suggestion: nconvert x64 now includes the webp plugin but x32 doesn't; maybe it would be better if nconvert x32 also included the webp plugin. :D

Re: WebP format has security issues

Posted: Fri Nov 24, 2023 9:04 am
by xnview
kesdoputr wrote: Thu Nov 23, 2023 3:47 pm Hello, does the webp plugin have a 32-bit version?
The newest XnView MP x64 version is 1.6.2, with libwebp 1.3.2,
but the newest XnView MP x32 version is 1.5.5, and its libwebp is still 1.3.0.
Here is with this version
P.S. A suggestion: nconvert x64 now includes the webp plugin but x32 doesn't; maybe it would be better if nconvert x32 also included the webp plugin. :D
ok

Re: WebP format has security issues

Posted: Fri Nov 24, 2023 10:55 am
by kesdoputr
xnview wrote: Fri Nov 24, 2023 9:04 am
kesdoputr wrote: Thu Nov 23, 2023 3:47 pm Hello, does the webp plugin have a 32-bit version?
The newest XnView MP x64 version is 1.6.2, with libwebp 1.3.2,
but the newest XnView MP x32 version is 1.5.5, and its libwebp is still 1.3.0.
Here is with this version
P.S. A suggestion: nconvert x64 now includes the webp plugin but x32 doesn't; maybe it would be better if nconvert x32 also included the webp plugin. :D
ok
Thanks for the reply, it works great. :D
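
Editor's added example, not part of any post above and not XnView code: a way to confirm which libwebp version a replaced DLL actually contains, measured against the 1.3.2 release named in the thread. It calls libwebp's public `WebPGetDecoderVersion()`; it assumes the DLL exports that symbol and that the Python interpreter has the same bitness (x32 or x64) as the DLL.

```python
import ctypes
import sys

FIXED = (1, 3, 2)  # release named in the thread as containing the fix


def unpack_version(packed):
    """Split libwebp's packed version int (0xMMmmrr) into (major, minor, rev)."""
    return ((packed >> 16) & 0xFF, (packed >> 8) & 0xFF, packed & 0xFF)


def is_patched(version, fixed=FIXED):
    """True when the version tuple is at or above the fixed release."""
    return tuple(version) >= tuple(fixed)


def check_library(path):
    """Load a libwebp shared library and return (version, patched).

    Raises OSError if the file cannot be loaded (for example a 32-bit DLL
    opened from a 64-bit Python) and AttributeError if the library does not
    export WebPGetDecoderVersion.
    """
    lib = ctypes.CDLL(path)
    lib.WebPGetDecoderVersion.restype = ctypes.c_int
    lib.WebPGetDecoderVersion.argtypes = []
    version = unpack_version(lib.WebPGetDecoderVersion())
    return version, is_patched(version)


if __name__ == "__main__":
    # Usage: python check_webp.py <path-to-libwebp.dll> [more paths ...]
    for path in sys.argv[1:]:
        try:
            version, ok = check_library(path)
        except (OSError, AttributeError) as exc:
            print(f"{path}: cannot query ({exc})")
            continue
        status = "has the fix" if ok else "older than 1.3.2, replace it"
        print(f"{path}: libwebp {'.'.join(map(str, version))} -> {status}")
```

Run it once per installation (x64 and x32), since the thread shows the two builds can ship different libwebp versions.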