WebP 0day - Google Assign New CVE for libwebp Vulnerability - Cyber Kendra

A critical zero-day vulnerability recently disclosed in the WebP image library, also known as the WebP 0day, poses a significant security risk across numerous software applications and platforms.

It was originally reported by Apple and Citizen Lab and tracked as CVE-2023-4863, specific to Google Chrome. The vulnerability was earlier reclassified as CVE-2023-5129 and correctly attributed as a flaw in libwebp, with a maximum 10/10 severity rating from Google. The entry for CVE-2023-5129 has now been taken down (rejected), and the details of CVE-2023-4863 have been corrected to indicate that the flaw is in libwebp and not just "Google Chrome".

The vulnerability exists in the lossless compression component of the open-source libwebp library, which provides encoding and decoding of images in WebP format. Specifically, it is a heap buffer overflow issue within the Huffman coding algorithm used for lossless compression in WebP.

By crafting malicious WebP images and getting victims to open them, attackers could leverage this bug to execute arbitrary code and access sensitive user data.

Ben Hawkes (former Project Zero manager) also wrote about this 0day, and he had this to say about it:

"The bad news is that Android is still likely affected."
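Because the flaw sits in the lossless decoder, one triage step is to find which WebP files in a collection actually carry lossless data. The script below is an added example, not code from the article or from libwebp: it walks the RIFF container and reports VP8L chunks and ALPH chunks flagged as losslessly compressed, including those nested in animation frames. The function names and the sample bytes are constructed for illustration.

```python
import struct

def _walk(data, pos, end, hits):
    # Chunk layout: 4-byte FourCC, 4-byte little-endian size, payload, pad to even.
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if body + size > end:
            raise ValueError(f"chunk {fourcc!r} overruns its container")
        if fourcc == b"VP8L":
            hits.append("VP8L")      # lossless bitstream
        elif fourcc == b"ALPH" and size and data[body] & 0x03 == 1:
            hits.append("ALPH")      # alpha plane, compression method 1 = lossless
        elif fourcc == b"ANMF" and size >= 16:
            # An animation frame: 16 header bytes, then nested image chunks.
            _walk(data, body + 16, body + size, hits)
        pos = body + size + (size & 1)
    return hits

def lossless_chunks(data: bytes) -> list:
    """List the chunks of a WebP file that are handed to the lossless decoder."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    declared_end = 8 + struct.unpack_from("<I", data, 4)[0]
    # Never read past the buffer, whatever the header declares.
    return _walk(data, 12, min(len(data), declared_end), [])

# --- constructed sample containers (headers only, not decodable images) ---
def _chunk(fourcc, payload):
    pad = b"\x00" * (len(payload) & 1)
    return fourcc + struct.pack("<I", len(payload)) + payload + pad

def _webp(*chunks):
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

_VP8L = _chunk(b"VP8L", b"\x2f\x00\x00\x00\x00")
_VP8 = _chunk(b"VP8 ", b"\x00" * 10)
SAMPLES = {
    "lossless": _webp(_VP8L),
    "lossy": _webp(_VP8),
    "lossy+alpha": _webp(_chunk(b"VP8X", b"\x10" + b"\x00" * 9),
                         _chunk(b"ALPH", b"\x01\x00"), _VP8),
    "animated": _webp(_chunk(b"VP8X", b"\x02" + b"\x00" * 9),
                      _chunk(b"ANMF", b"\x00" * 16 + _VP8L)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {lossless_chunks(blob)}")
```

An empty result means only the lossy (VP8) decoder is involved; a truncated or inconsistent container raises `ValueError` so it can be quarantined rather than silently skipped.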