—

RUSTSEC-2023-0060

libwebp: OOB write in BuildHuffmanTable

상세

[Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

crates.io / libwebp-sys2

최초 영향 버전: 0.0.0-0 수정 버전: 0.1.8

Upgrade libwebp-sys2 to 0.1.8 or newer (ecosystem crates.io).

참고

https://crates.io/crates/libwebp-sys2 [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2023-0060.html [ADVISORY]