oss-sec mailing list archives

Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 22 Sep 2023 07:28:17 +0200

On Thu, 21 Sep 2023 22:52:50 +0200
Solar Designer <solar () openwall com> wrote:

> However, another maybe-important one also made it into 1.3.2:
>
> commit 95ea5226c870449522240ccff26f0b006037c520
> Author: Vincent Rabaud <vrabaud () google com>
> Date:   Mon Sep 11 16:06:08 2023 +0200
>
>     Fix invalid incremental decoding check.

It does not look to me that this fix is in 1.3.2:
https://github.com/webmproject/libwebp/commits/v1.3.2

I've seen this commit as well and have been wondering for a few days if
we'll hear about another libwebp issue soon.

-- 
Hanno Böck
https://hboeck.de/

