[BUG] SkiaSharp vulnerable to CVE-2023-4863

Open foxyPL opened this issue 1 year ago • 0 comments

Describe the bug: SkiaSharp vendors (via mono/skia) a version of libwebp that is vulnerable to https://github.com/advisories/GHSA-j7hp-h8jx-5ppr.

[BUG] SkiaSharp vendors libwebp vulnerable to CVE-2023-4863

Please:

Update SkiaSharp to a version which isn't vulnerable to https://github.com/advisories/GHSA-j7hp-h8jx-5ppr anymore.

Patched versions are:

  • 3.x alpha: version 3.0.0-alpha.1.27, on the feed https://aka.ms/skiasharp-eap/index.json
  • 2.x stable: version 2.88.6, on NuGet: https://www.nuget.org/packages/SkiaSharp/2.88.6

To Reproduce: n/a

Expected behavior: n/a

Screenshots: n/a

Desktop (please complete the following information): n/a

Smartphone (please complete the following information): n/a

Additional context: n/a

foxyPL, Jan 19 '24 09:01
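A check for the condition this issue describes, as an added example that is not part of the original issue or of the LottieSharp project: it scans the `libraries` section of a NuGet `obj/project.assets.json`, which lists transitive packages too, for resolved SkiaSharp packages older than the two patched versions listed above. Assumptions: any version at or above the listed fix on its major line counts as patched, anything below 2.88.6 (1.x included) is flagged, the `SkiaSharp.NativeAssets.*` packages are checked along with `SkiaSharp`, and the sample data is constructed.

```python
import json
import re
import sys

# Patched versions as listed in the issue above.
PATCHED_2X = "2.88.6"
PATCHED_3X = "3.0.0-alpha.1.27"
# Assumption: the managed package and its native-asset packages are in scope.
TARGET = re.compile(r"^SkiaSharp(\.NativeAssets\..+)?$", re.IGNORECASE)

def parse_version(text):
    """Turn 'x.y.z[-pre.ids][+build]' into a key ordered by SemVer precedence."""
    core, _, pre = text.split("+")[0].partition("-")
    nums = tuple(int(p) for p in core.split("."))
    if not pre:
        return nums, (1,)  # a release sorts after its own prereleases
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p.lower()) for p in pre.split("."))
    return nums, (0,) + ids

def is_patched(version):
    """Assumption: anything at or above the listed fix on its major line is patched."""
    key = parse_version(version)
    floor = PATCHED_3X if key[0][0] >= 3 else PATCHED_2X
    return key >= parse_version(floor)

def find_unpatched(assets):
    """Return 'Name/Version' keys of resolved SkiaSharp packages below the fix."""
    hits = []
    for key, info in assets.get("libraries", {}).items():
        name, _, version = key.partition("/")
        if info.get("type") == "package" and TARGET.match(name) and not is_patched(version):
            hits.append(key)
    return sorted(hits)

# Constructed sample of the "libraries" section (placeholder versions).
SAMPLE = {"libraries": {
    "LottieSharp/0.0.0": {"type": "package"},
    "SkiaSharp/2.88.3": {"type": "package"},
    "SkiaSharp.NativeAssets.Win32/2.88.3": {"type": "package"},
    "SkiaSharp.Views.WPF/2.88.6": {"type": "package"},
    "MyApp.Core/1.0.0": {"type": "project"},
}}

if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    hits = find_unpatched(data)
    sys.exit("unpatched: " + ", ".join(hits) if hits else 0)
```

Run with the path to a project's `obj/project.assets.json` as the only argument; a non-zero exit status makes it usable as a CI gate.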