Corrine
Posted September 14

From PC World:

A severe vulnerability has been found in libwebp, a code library used to render webp images, reports Stack Diary. Webp is a popular image format used by many sites on the Internet – but also by apps and some other software that use web views – and the vulnerability can be used, among other things, to run malicious code on affected devices. Worse yet, it is reportedly being actively exploited by malicious attackers.

The vulnerability has been labelled CVE-2023-4863 and is considered extremely serious. Major browsers such as Chrome, Edge, Firefox, Opera, Vivaldi, and Brave have already released security fixes.

To make sure you have the latest version of a browser, go to Help > About (browser name) in its options menu. If a new update is available, it should then download automatically.

If you haven't updated your browser, check for updates now!

sunrat
Posted September 15

Fixed in Debian firefox-esr two days ago:

Quote:
    Package : firefox-esr
    CVE ID : CVE-2023-4863

    A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

    For the oldstable distribution (bullseye), this problem has been fixed in version 102.15.1esr-1~deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in version 102.15.1esr-1~deb12u1.

sunrat
Posted Friday at 09:39 PM

The same CVE also affected Thunderbird apparently. It was fixed in Debian yesterday.

sunrat
Posted Sunday at 11:08 PM

libwebp packages also just upgraded in Debian Bullseye, same CVE:

Quote:
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5497-2                   security@debian.org
    https://www.debian.org/security/                       Moritz Muehlenhoff
    September 17, 2023                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libwebp
    CVE ID : CVE-2023-4863

    A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

    For the oldstable distribution (bullseye), this problem has been fixed in version 0.6.1-2.1+deb11u2.
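
An added example, not part of the thread or of Debian's tooling: a Python check of an exported package inventory against the fixed versions quoted in the posts above, using Debian's version ordering so it also runs on a non-Debian workstation (on a Debian host, `dpkg --compare-versions` performs the same comparison). The host names and installed versions are constructed, and the function names are this example's own.

```python
import re

FIXED = {  # fixed versions quoted in the thread, keyed by (release, advisory package name)
    ("bullseye", "firefox-esr"): "102.15.1esr-1~deb11u1",
    ("bookworm", "firefox-esr"): "102.15.1esr-1~deb12u1",
    ("bullseye", "libwebp"): "0.6.1-2.1+deb11u2",
}

def _order(c):  # '~' sorts before end of string (""); letters sort before other characters
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):  # compare by alternating non-digit and digit runs
    i = j = 0
    nondigit = lambda s, k: k < len(s) and s[k] not in "0123456789"
    while i < len(a) or j < len(b):
        while nondigit(a, i) or nondigit(b, j):
            ra = _order(a[i] if nondigit(a, i) else "")
            rb = _order(b[j] if nondigit(b, j) else "")
            if ra != rb:
                return -1 if ra < rb else 1
            i, j = i + 1, j + 1  # equal ranks: both sides consumed one character
        da, db = re.match("[0-9]*", a[i:]).group(), re.match("[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def compare(a, b):  # -1, 0 or 1: epoch first, then upstream version, then Debian revision
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, package, installed):  # None: the thread gives no fixed version
    fixed = FIXED.get((release, package))
    return None if fixed is None else compare(installed, fixed) < 0

INVENTORY = [  # constructed rows: (host, release, package, installed version)
    ("host-a", "bullseye", "firefox-esr", "102.15.0esr-1~deb11u1"),
    ("host-b", "bookworm", "firefox-esr", "102.15.1esr-1~deb12u1"),
    ("host-c", "bullseye", "libwebp", "0.6.1-2.1+deb11u1"),
]

def audit(rows):  # hosts still below the fixed version
    return [h for h, rel, pkg, ver in rows if needs_update(rel, pkg, ver)]
```

The tilde rule is why a plain string or tuple comparison is not enough here: `1~deb11u1` sorts before `1`, so a naive comparison can report a patched package as outdated or the reverse.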