The vulnerability CVE-2023-4863 is found in the open source Libwebp library and affects browsers such as Mozilla, Chrome and Edge

On September 6th, 2023, Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at the University of Toronto reported a critical vulnerability affecting an image compression library used in Chromium and other software solutions that support WebP images.

WebP is an image format that offers superior lossless and lossy compression for images on the Web. Thanks to WebP, developers and webmasters have the ability to generate more compact, high-quality images, which leads to a significant improvement in the loading speed of web pages.

Google developed an open source library for manipulating images in WebP format, known as Libwebp, providing tools and functionality for encoding and decoding images in this format. The CVE-2023-4863 vulnerability can be found in this library, specifically in the BuildHuffmanTable function used to validate the input data.

The problem lies in the fact that this function allocates extra memory if the existing table is not large enough for the input data, allowing arbitrary data to be written outside of the bounds set in memory, when processing a malicious WebP image, which can lead to arbitrary code execution.
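The table-size problem described above can be checked before any write happens. The following C sketch is an added example, not libwebp's code and not part of the original article: it computes how many entries a two-level Huffman lookup table needs for a set of code lengths and refuses input that is invalid or does not fit the destination. The names `huff_table_size`, `huff_table_fits`, `MAX_LEN` and `MAX_SYMS` are hypothetical, and the limits are assumed values.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_LEN 15      /* longest code length accepted (assumed limit) */
#define MAX_SYMS 4096   /* largest alphabet accepted (assumed limit) */

/* Entries a two-level lookup table needs for these canonical code lengths:
 * a root table of 2^root_bits plus one sub-table per root prefix that has
 * longer codes. Returns 0 if the lengths are not a complete prefix code.
 * Single-symbol codes are not handled in this sketch. */
size_t huff_table_size(const uint8_t *lens, size_t n, int root_bits)
{
    uint32_t count[MAX_LEN + 1] = {0};
    if (n > MAX_SYMS || root_bits < 1 || root_bits > MAX_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > MAX_LEN) return 0;
        count[lens[i]]++;
    }
    /* Kraft check: reject over-subscribed and incomplete length sets. */
    int64_t left = 1;
    for (int len = 1; len <= MAX_LEN; len++) {
        left = (left << 1) - count[len];
        if (left < 0) return 0;
    }
    if (left != 0) return 0;
    /* Walk canonical codes in order; codes sharing a root prefix are adjacent. */
    size_t total = (size_t)1 << root_bits, pending = 0;
    uint32_t code = 0;
    int64_t prev = -1;
    for (int len = 1; len <= MAX_LEN; len++, code <<= 1) {
        for (uint32_t k = 0; k < count[len]; k++, code++) {
            if (len <= root_bits) continue;          /* fits in root table */
            int64_t prefix = code >> (len - root_bits);
            if (prefix != prev) { total += pending; prev = prefix; }
            pending = (size_t)1 << (len - root_bits); /* lengths only grow */
        }
    }
    return total + pending;
}

/* Gate to run before any table write: 1 only if the code is valid and fits. */
int huff_table_fits(const uint8_t *lens, size_t n, int root_bits, size_t capacity)
{
    size_t need = huff_table_size(lens, n, root_bits);
    return need != 0 && need <= capacity;
}
```

Sizing from the actual input, rather than from a worst case assumed in advance, is what keeps the write loop inside the buffer.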