RUSTSEC-2023-0061

Source
https://rustsec.org/advisories/RUSTSEC-2023-0061
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0061.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0061
Aliases
Published
2023-09-12T12:00:00Z
Modified
2024-09-19T16:27:11.184668Z
Summary
libwebp: OOB write in BuildHuffmanTable
Details

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".

References

Affected packages

crates.io / libwebp-sys

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.9.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}