These bugs could lead to arbitrary code execution when dealing with a maliciously crafted image. This recent development follows after a similar bug was addressed by Apple, Google, and Mozilla, labeled under CVE codes CVE-2023–41064 and CVE-2023–4863. The ReadHuffmanCodes() function and the ReplicateValue area are particularly impacted by this flaw. The flaw arises from an issue in the Huffman coding algorithm which, with a specially crafted WebP lossless file, can lead to out-of-bounds data writing to the heap. This vulnerability, identified as CVE-2023–5129, has received the maximum severity score of 10.0 on the CVSS rating scale. Google has acknowledged a new and severe security flaw in the libwebp image library, which handles the rendering of WebP format images. UPDATE: CVE-2023–5129 has now been rejected and instead is being ref er red to as its predecessor only, CVE-2023–4863
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |