DylanVann / react-native-fast-image

🚩 FastImage, performant React Native image component.
MIT License

Vulnerability reported by Snyk - libwebp #994

Open billnbell opened 1 year ago

billnbell commented 1 year ago

Detailed paths
Introduced through: Podfile@0.0.0 › RNFastImage@8.6.3 › SDWebImageWebPCoder@0.8.5 › libwebp@1.2.4

Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores

Overview

libwebp is a library to encode and decode images in WebP format.

Affected versions of this package are vulnerable to Double Free which can lead to memory corruption and a potentially exploitable crash.

Thenlie commented 8 months ago

I have added the following code to my Podfile, which seems to update this dependency for FastImage. Seems like an acceptable workaround for the time being.

# Dependency chain: RNFastImage -> SDWebImageWebPCoder -> libwebp
pod 'libwebp', '1.3.2', :source => 'https://cdn.cocoapods.org/'
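As an added check (not code from this thread or from the react-native-fast-image project), the Ruby script below parses a Podfile.lock, walks the RNFastImage -> SDWebImageWebPCoder -> libwebp chain named in the report, and flags a resolved libwebp older than the 1.3.2 pin above. The Podfile.lock fragment is constructed, and the 1.3.2 threshold is taken from the workaround in this thread, not from an advisory.

```ruby
require 'yaml'
require 'rubygems'

# Constructed Podfile.lock fragment (not a real project file). It follows the
# CocoaPods PODS layout: "Name (version)" entries with their dependency constraints.
SAMPLE_LOCK = <<~LOCK
  PODS:
    - libwebp (1.2.4):
      - libwebp/demux (= 1.2.4)
    - libwebp/demux (1.2.4)
    - RNFastImage (8.6.3):
      - SDWebImageWebPCoder (~> 0.8.4)
    - SDWebImageWebPCoder (0.8.5):
      - libwebp (~> 1.0)
LOCK

# Version pinned by the workaround in this thread; anything older is treated as affected.
MIN_LIBWEBP = Gem::Version.new('1.3.2')

# Parse the PODS section into { name => [version, [dependency names]] }.
def parse_pods(lock_text)
  pods = {}
  YAML.safe_load(lock_text).fetch('PODS').each do |entry|
    spec, deps = entry.is_a?(Hash) ? entry.first : [entry, []]
    name, version = spec.match(/\A(\S+) \(([^)]+)\)\z/).captures
    pods[name] = [version, deps.map { |d| d.split(' ').first }]
  end
  pods
end

# Depth-first walk from root to target; returns the chain as "name@version"
# strings, or nil when target is not reachable from root.
def dependency_chain(pods, root, target, seen = [])
  return nil unless pods.key?(root) && !seen.include?(root)
  version, deps = pods[root]
  node = "#{root}@#{version}"
  return [node] if root == target
  deps.each do |dep|
    chain = dependency_chain(pods, dep, target, seen + [root])
    return [node] + chain if chain
  end
  nil
end

# Audit: which libwebp RNFastImage resolves to, via which path, and whether it is below the pin.
def audit_libwebp(lock_text, minimum = MIN_LIBWEBP)
  pods = parse_pods(lock_text)
  chain = dependency_chain(pods, 'RNFastImage', 'libwebp')
  return { reachable: false } unless chain
  resolved = Gem::Version.new(pods['libwebp'][0])
  { reachable: true, version: resolved.to_s, chain: chain, vulnerable: resolved < minimum }
end
```

Run it against the project's real Podfile.lock (File.read) after `pod install` to confirm the pin actually changed the resolved version rather than only the Podfile.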