升级libwebp到1.3.2 - Githubissues

zjupure / GlideWebpDecoder

A Glide WebpDecoder Intergration Library for decoding and displaying webp images

Apache License 2.0

740 stars 91 forks source link

升级libwebp到1.3.2 #118

Closed Fairtoys closed 9 months ago

Fairtoys commented 9 months ago

libwebp小于1.3.2的版本有漏洞

漏洞简述：CVE-2023-4863是WebP代码库（libwebp）中的堆缓冲溢出，恶意攻击者利用恶意WebP格式图片，可导致任意代码执行，进而控制用户设备并窃取设备敏感数据。请各业务自行排查并加快修复和发布计划。是否已有实际攻击利用：是。漏洞名称：WebP代码库（libwebp）中堆缓冲溢出风险评级：严重

ChinaZeng commented 9 months ago

大家有处理方案吗？自己拉取自己编译？

zjupure commented 9 months ago

duplicate with #117