XnView Software

Various discussion boards for XnView and related products
https://newsgroup.xnview.com/

[URGENT] CVE-2023-4863 in libwebp below 1.3.2

https://newsgroup.xnview.com/viewtopic.php?t=46238

Page 1 of 1

[URGENT] CVE-2023-4863 in libwebp below 1.3.2

Posted: Tue Oct 10, 2023 3:22 pm
by sandthorn
[URGENT] Please update the webp plugin to 1.3.2
- https://github.com/webmproject/libwebp/blob/main/NEWS
- https://nvd.nist.gov/vuln/detail/CVE-2023-4863

I'm not sure whether XnView bundle the vpx plugin.
If so, please also update the vpx plugin to 1.13.1
- https://github.com/webmproject/libvpx/b ... /CHANGELOG
- https://nvd.nist.gov/vuln/detail/CVE-2023-5217

High-Severity Vulnerabilities Discovered in WebM Project’s Libraries
https://www.paloaltonetworks.com/blog/p ... libraries/

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Posted: Tue Oct 10, 2023 5:20 pm
by xnview
Please check this post

Re: [URGENT] CVE-2023-4863 in libwebp below 1.3.2

Posted: Wed Oct 11, 2023 3:20 pm
by sandthorn
Got the hot patch. Looking forward to the 1.6. Thank you.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited