webp security issue
Closed this issue ยท 4 comments
Is this fork also effected of the current webp issue? what library does the fork use for webp?
https://blog.isosceles.com/the-webp-0day/
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Yes the current version is probably affected by the CVE. It's been updated on the current development head but a new version hasn't been pushed out. I expect to get a version out this week.
Working on it. It's because there's a whole lotta changes on the Dev that I'm testing... and it's sort of all coming at once. ๐
Pushing out just the CVE fix wouldn't do justice to all the work translators and qbnu has put in for this upcoming release
Luckily, after reading the blog post you attached, a crash in jpegview wouldn't cause a privilege escalation. ๐