The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of CVE-2023-4863. The entry for the latter has been broadened to include its impact on the libwebp library.

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format.

CVE-2023-5129 affects libwebp versions 0.5.0 to 1.3.1, and has been fixed in version 1.3.2. It has received a “perfect” CVSS score (10.0), which means it’s as critical as it can possibly be. The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap buffer overflow and to execute arbitrary code.

Rezilion researchers have previously posited that CVE-2023-41064, a buffer overflow vulnerability in the ImageI/O framework recently fixed by Apple and exploited to deliver NSO Group’s Pegasus spyware, and CVE-2023-4863, the aforementioned Chrome zero-day, are effectively the same flaw. As it turns out, they were right – hence: CVE-2023-5129.

Rezilion’s Ofri Ouzan and Yotam Perkal pointed out that the libwebp library can be found in:

- Popular container images, “collectively downloaded and deployed billions of times” (e.g., drupal, nginx, perl, python, ruby, rust, wordpress).
- A variety of utilities that depend on libwebp.
- The most popular web browsers (Chrome, Firefox, Microsoft Edge, Opera, etc.).
- Many Linux distributions (Debian, Ubuntu, Alpine, Gentoo, SUSE, etc.).
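The affected range (0.5.0 to 1.3.1, fixed in 1.3.2) and the duplicate-ID relationship described above can be applied to scanner or inventory output as follows. This is an added example, not code from the article or from Rezilion; the finding record shape, the `libwebp` name-prefix match and the sample entries are assumptions constructed for illustration.

```python
import re

# From the article: libwebp 0.5.0 to 1.3.1 affected, fixed in 1.3.2;
# CVE-2023-5129 was rejected as a duplicate of CVE-2023-4863.
FIRST_AFFECTED, FIRST_FIXED = (0, 5, 0), (1, 3, 2)
CANONICAL_ID, REJECTED_DUPLICATES = "CVE-2023-4863", {"CVE-2023-5129"}

def canonical_cve(cve_id):
    """Map the rejected duplicate ID onto the surviving CVE entry."""
    cve_id = cve_id.strip().upper()
    return CANONICAL_ID if cve_id in REJECTED_DUPLICATES else cve_id

def parse_version(raw):
    """Return (upstream_tuple, has_packaging_suffix); (None, False) if unparseable."""
    s = raw.strip().split(":", 1)[-1].lstrip("v")   # drop epoch and leading "v"
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", s)
    if not m:
        return None, False
    return (int(m[1]), int(m[2]), int(m[3] or 0)), bool(m[4])

def classify(raw_version):
    upstream, packaged = parse_version(raw_version)
    if upstream is None:
        return "unknown"
    if not (FIRST_AFFECTED <= upstream < FIRST_FIXED):
        return "not-affected"
    # Distribution packages can carry a backported fix while keeping the old
    # upstream number, so a packaging suffix means the vendor advisory decides.
    return "check-vendor-advisory" if packaged else "affected"

def triage(findings):
    """One verdict per (component, version, canonical CVE); other components skipped."""
    verdicts = {}
    for f in findings:
        if not f["component"].lower().startswith("libwebp"):  # assumed naming
            continue
        key = (f["component"], f["version"], canonical_cve(f["cve"]))
        verdicts[key] = classify(f["version"])
    return verdicts

# Constructed sample findings (hypothetical record shape, not real scanner output).
FINDINGS = [
    {"component": "libwebp", "version": "1.3.1", "cve": "CVE-2023-5129"},
    {"component": "libwebp", "version": "1.3.1", "cve": "CVE-2023-4863"},
    {"component": "libwebp7", "version": "1.2.4-0.2", "cve": "CVE-2023-4863"},
    {"component": "libwebp", "version": "v1.3.2", "cve": "cve-2023-5129"},
    {"component": "zlib", "version": "1.2.13", "cve": "CVE-2023-4863"},
]

if __name__ == "__main__":
    for key, verdict in triage(FINDINGS).items():
        print(*key, "->", verdict)
```

The two findings for libwebp 1.3.1 collapse into a single entry under CVE-2023-4863, which avoids tracking the same flaw twice under the withdrawn ID.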