RUSTSEC-2023-0060

libwebp: OOB write in BuildHuffmanTable

Details

[Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".

Affected packages

crates.io / libwebp-sys2
Introduced in: 0.0.0-0 Fixed in: 0.1.8

Upgrade libwebp-sys2 to 0.1.8 or newer (ecosystem crates.io).
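
One way to check a project against the range above, as an added example (not code from the advisory or from the libwebp-sys2 project): it scans the text of a `Cargo.lock` for locked `libwebp-sys2` versions that sort below 0.1.8. The function names and the sample lockfile are constructed for illustration; only the crate name and fixed version come from this page.

```rust
// Added example: flag libwebp-sys2 entries in a Cargo.lock that predate the fix.
// Crate name and fixed version are from the advisory; all other names are illustrative.
const CRATE: &str = "libwebp-sys2";
const FIXED: (u64, u64, u64) = (0, 1, 8);

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into (triple, has_prerelease).
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let v = v.split('+').next()?; // build metadata never affects ordering
    let (core, pre) = match v.split_once('-') {
        Some((c, _)) => (c, true),
        None => (v, false),
    };
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let triple = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { return None; }
    Some((triple, pre))
}

/// Affected if the version sorts below 0.1.8; a pre-release of 0.1.8 sorts below it too.
fn is_affected(version: &str) -> bool {
    match parse_version(version) {
        Some((t, pre)) => t < FIXED || (t == FIXED && pre),
        None => true, // unparseable: fail closed so a human reviews it
    }
}

/// Return every locked libwebp-sys2 version that is still affected.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name = "";
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = ""; // new entry: forget the previous package name
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = v.trim_matches('"');
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if name == CRATE && is_affected(v) { hits.push(v.to_string()); }
        }
    }
    hits
}

fn main() {
    // Constructed sample lockfile, not taken from any real project.
    let lock = "version = 3\n\n[[package]]\nname = \"libwebp-sys2\"\nversion = \"0.1.7\"\n";
    println!("{:?}", affected_in_lockfile(lock));
}
```

A lockfile can pin the crate more than once, so the function returns every affected version it finds rather than stopping at the first.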

References