RUSTSEC-2023-0060

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0060

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0060.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0060

Aliases

Published

2023-09-12T12:00:00Z

Modified

2024-08-07T19:29:17.748878Z

Summary

libwebp: OOB write in BuildHuffmanTable

Details

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable".

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / libwebp-sys2

Package

Name: libwebp-sys2; View open source insights on deps.dev
Purl: pkg:cargo/libwebp-sys2

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.1.8

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}