cwebp-bin icon indicating copy to clipboard operation
cwebp-bin copied to clipboard

Published 20 hours ago verified publisher icon imagemin

Does this suffer from the libwebp vulnerability?

Open tehandyb opened this issue 1 year ago • 2 comments

The vulnerability was just discovered recently, here's more info https://www.helpnetsecurity.com/2023/09/27/cve-2023-5129/

tehandyb avatar Sep 28 '23 21:09 tehandyb

Another developer using this library here: I was wodnering about this too, as i noticed its install.js explicitly downloads libwebp 1.2.1, which is a vulnerable version. Is it possible to upgrade this to a more recent >= 1.3.2?

dsapit avatar Oct 05 '23 23:10 dsapit

CVE-2023-5129 was merged into CVE-2023-4863. I've posted an update for the source and binaries.

jzern avatar Oct 13 '23 19:10 jzern