Giphy / giphy-ios-sdk

Home of the GIPHY SDK iOS example app, along with iOS SDK documentation, issue tracking, & release notes.
https://developers.giphy.com/
Mozilla Public License 2.0

Fix vulnerability in dependency libwebp #239

Closed jguerreiro-sqsp closed 7 months ago

jguerreiro-sqsp commented 1 year ago

🐛 Bug Report

Any chance you can update the package version of libwebp? A vulnerability has been reported and 1.3.2 is the first version of the library that fixes it - https://www.cve.org/CVERecord?id=CVE-2023-4863

I'm not sure this is reproducible in iOS apps, but better safe than sorry, especially when a package update does the trick.

cgmaier commented 1 year ago

Thanks so much for flagging this, @jguerreiro-sqsp!

cgmaier commented 10 months ago

Hey @jguerreiro-sqsp, as the SDK doesn't specify a specific version for the libwebp dependency, it's not clear to me what we can do here, but just to be safe I updated the version referenced in the environment where the SDK is compiled.
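
Because the SDK leaves the libwebp version unpinned, the version that ships is whatever the consuming app's lockfile resolves. The following is an added example, not part of the thread or the GIPHY project: it checks a CocoaPods `Podfile.lock` for libwebp entries below 1.3.2. It assumes the app uses CocoaPods and that the pod is named `libwebp`; the function names and the sample lockfile (including its version numbers) are constructed for illustration.

```python
import re

FIXED = (1, 3, 2)  # first libwebp release with the CVE-2023-4863 fix, per the issue

# Constructed sample Podfile.lock excerpt (pod versions are made up for illustration).
SAMPLE_LOCK = """\
PODS:
  - Giphy (0.0.0):
    - libwebp
  - libwebp (1.2.4):
    - libwebp/demux (= 1.2.4)
    - libwebp/webp (= 1.2.4)
  - libwebp/demux (1.2.4):
    - libwebp/webp
  - libwebp/webp (1.2.4)

DEPENDENCIES:
  - Giphy
"""

# Resolved pods sit at two-space indent; their dependencies sit at four.
POD_LINE = re.compile(r'^  - "?([^\s("]+) \(([^)]+)\)"?:?$')

def parse_version(text):
    """Turn '1.3.2' into (1, 3, 2); anything after the third number is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def resolved_libwebp(lock_text):
    """Return {pod_or_subspec: version} for libwebp entries in the PODS section."""
    found, in_pods = {}, False
    for line in lock_text.splitlines():
        if line and not line.startswith(" "):
            # An unindented line starts a new top-level section.
            in_pods = line.strip() == "PODS:"
            continue
        m = POD_LINE.match(line) if in_pods else None
        if m and m.group(1).split("/")[0].lower() == "libwebp":
            found[m.group(1)] = m.group(2)
    return found

def vulnerable_entries(lock_text):
    """List libwebp entries resolved to a version below 1.3.2."""
    return sorted(name for name, ver in resolved_libwebp(lock_text).items()
                  if parse_version(ver) < FIXED)

if __name__ == "__main__":
    bad = vulnerable_entries(SAMPLE_LOCK)
    print("below 1.3.2:" if bad else "ok", bad)
    raise SystemExit(1 if bad else 0)
```

Run in CI against the app's real `Podfile.lock`, a non-zero exit blocks a build that would link a pre-1.3.2 libwebp.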