Alamofire / AlamofireImage

AlamofireImage is an image component library for Alamofire
MIT License

Is Alamofire image vulnerable to CVE-2023-4863 #471

Closed halolee closed 1 year ago

halolee commented 1 year ago

Hi Alamofire team,

Is Alamofire image vulnerable to CVE-2023-4863 [libWebP buffer overflow]?

What did you do?

I performed a string search for libWebP and web, but nothing showed up.

What did you expect to happen?

I expect to find a dependency that is responsible for webP processing.

What happened instead?

I didn't find any dependency.

Alamofire Environment

Alamofire version: 4.1.0
Xcode version: 15
Swift version: 5.0
Platform(s) running AlamofireImage:
macOS version running Xcode: 13.6

Kind regards,

Hao

jshier commented 1 year ago

AlamofireImage uses the system decoding libraries, so make sure you're running the latest OS version to avoid that issue.
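
A plain string search over source files, as described in the question, can miss a WebP decoder that is pulled in transitively, so this added example (not code from AlamofireImage or from either commenter) inspects the resolved CocoaPods and Swift Package Manager lock files instead. The function names and the sample lock-file contents are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

NEEDLE = re.compile(r"webp", re.IGNORECASE)
# Resolved pods in Podfile.lock: two-space indent, version starts with a digit
# (requirement lines such as "(~> 1.0)" under DEPENDENCIES are skipped).
POD_LINE = re.compile(r'^  - "?([^\s"(]+) \((\d[^)]*)\)')

def spm_pins(text):
    # Package.resolved: format v1 nests pins under "object", later formats keep them top-level.
    doc = json.loads(text)
    for pin in doc.get("pins") or doc.get("object", {}).get("pins", []):
        name = pin.get("identity") or pin.get("package") or ""
        url = pin.get("location") or pin.get("repositoryURL") or ""
        yield f"{name} {url}".strip(), pin.get("state", {}).get("version") or "unversioned"

def pod_pins(text):
    matches = (POD_LINE.match(line) for line in text.splitlines())
    return ((m.group(1), m.group(2)) for m in matches if m)

PARSERS = {"Package.resolved": spm_pins, "Podfile.lock": pod_pins}

def find_webp_dependencies(project_root):
    # Returns sorted (lock file, dependency, version) tuples whose name or URL mentions WebP.
    hits = set()
    for path in Path(project_root).rglob("*"):
        parser = PARSERS.get(path.name)
        if parser and path.is_file():
            for name, version in parser(path.read_text(encoding="utf-8")):
                if NEEDLE.search(name):
                    hits.add((path.name, name, version))
    return sorted(hits)

# Constructed sample lock files (names and versions are illustrative only).
SAMPLE_PODFILE_LOCK = """PODS:
  - AlamofireImage (4.1.0):
  - libwebp (0.0.1):
DEPENDENCIES:
  - libwebp (~> 0.0)
"""
SAMPLE_PACKAGE_RESOLVED = json.dumps({"pins": [{"identity": "alamofireimage",
    "location": "https://example.invalid/AlamofireImage.git", "state": {"version": "4.1.0"}}]})

def audit_sample():
    with tempfile.TemporaryDirectory() as root:
        Path(root, "Podfile.lock").write_text(SAMPLE_PODFILE_LOCK)
        Path(root, "Package.resolved").write_text(SAMPLE_PACKAGE_RESOLVED)
        return find_webp_dependencies(root)
```

An empty result for a real project is consistent with the maintainer's answer that decoding is left to the system libraries; any hit is a separately bundled decoder that has to be updated on its own.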