RUSTSEC-2023-0061

libwebp: OOB write in BuildHuffmanTable

Reported
Issued
Package
libwebp-sys (crates.io)
Type
Vulnerability
Categories
Keywords
#webp
Aliases
Patched
  • >=0.9.3

Description

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".
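A lockfile check for the patched range above, as an added example (not part of the advisory or of any project's own code): it scans Cargo.lock text and reports locked `libwebp-sys` versions below 0.9.3. The sample lockfile is constructed, and the function names are hypothetical; versions with pre-release or build suffixes are reported so they get a manual look.

```rust
// Added example: report libwebp-sys versions in Cargo.lock text below 0.9.3.
const CRATE: &str = "libwebp-sys";
const PATCHED: (u64, u64, u64) = (0, 9, 3); // from the advisory's "Patched" field

/// Strict MAJOR.MINOR.PATCH parse; anything else (suffixes, extra parts) is None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut p = v.split('.').map(|s| s.parse::<u64>().ok());
    let t = (p.next()??, p.next()??, p.next()??);
    if p.next().is_some() { None } else { Some(t) }
}

/// Returns the quoted value of a `key = "value"` line, if the line has that key.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Locked libwebp-sys versions that are below the patched release or unparseable.
fn vulnerable_versions(lockfile: &str) -> Vec<String> {
    let mut in_target = false; // true while inside a [[package]] block for CRATE
    let mut hits = Vec::new();
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_target = false;
        } else if let Some(name) = value_of(line, "name") {
            in_target = name == CRATE;
        } else if let Some(ver) = value_of(line, "version") {
            // The top-level lockfile `version = 3` is skipped: no package is open yet.
            if in_target && parse_version(ver).map_or(true, |v| v < PATCHED) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

fn main() {
    // Constructed Cargo.lock excerpt, not taken from a real project.
    let sample = "version = 3\n\n[[package]]\nname = \"image-tool\"\nversion = \"0.1.0\"\n\
                  dependencies = [\n \"libwebp-sys\",\n]\n\n\
                  [[package]]\nname = \"libwebp-sys\"\nversion = \"0.9.2\"\n";
    for v in vulnerable_versions(sample) {
        println!("{} {} is below the patched 0.9.3 (RUSTSEC-2023-0061)", CRATE, v);
    }
}
```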

Advisory available under CC0-1.0 license.