rive-app / rive-ios

iOS runtime for Rive
MIT License

Rive-Skia using outdated libwebp version prone to a security issue CVE-2023-5217, CVE-2023-4863 #328

Open jaichaudhry opened 1 month ago

jaichaudhry commented 1 month ago

Description

The Rive framework uses Rive-Skia, which is using an outdated libwebp version that is prone to a grave security issue: CVE issue link. Please also refer to this link.

Provide a Repro

Any latest Rive framework will have this issue, Rive example is also a good option.

Additional context

This is a very dangerous security problem and makes all the apps using Rive prone to this security problem. The Skia branch Rive is using is very old and does not contain the latest libwebp version, 1.4.0. (This issue was fixed in libwebp 1.3.2.) I highly recommend updating the libwebp version being used in the Skia branch.

Here is one more helpful link

jaichaudhry commented 1 week ago

@mjtalbot Could you please take a look at this? This is a very important security fix that should be rolled out.