New Critical CVE for libwebp

Another day and another major CVE is uncovered. This is a nasty one. Libwebp is used to decode webp images, though not as popular as jpg, is still fairly common. The vulnerability has been fixed in the latest release.

The vulnerability is a heap buffer overflow in it’s compression algorithm in earlier versions of Chrome(prior to 116.0.5845.187). It also affects other software, such as, 1PasswordSignal, Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers.

See more details here.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.