saucecontrol / PhotoSauce

MagicScaler high-performance, high-quality image processing pipeline for .NET
http://photosauce.net/
MIT License

Update libwebp #123

Closed svenclaesson closed 12 months ago

svenclaesson commented 1 year ago

libwebp needs an upgrade because of critical vulnerability CVE-2023-4863

svenclaesson commented 1 year ago

Merged to vcpkg today

saucecontrol commented 1 year ago

Thanks for the heads-up!

saucecontrol commented 1 year ago

Very strange... The original CVE was for Chrome, then Google created a new CVE for libwebp a couple of days ago, which was rejected as a dupe of the earlier one.

In any case, I have pushed an update in f244b74, and new binaries are available in the CI feed. Google's binaries will also work with the MagicScaler plugin if you want to update from their builds.

I'll be publishing a complete new set of packages to NuGet once I get one last MagicScaler bug sorted out, hopefully next week.

svenclaesson commented 1 year ago

Yes, there is a lot of confusion around it. See https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

The original CVE is now updated:

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.