RUSTSEC-2023-0060

Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0060.json
Aliases
Published
2023-09-12T12:00:00Z
Modified
2023-09-13T14:10:22Z
Details

Google and Mozilla have released security advisories for remote code execution (RCE) caused by a heap overflow in libwebp. Google warns that the vulnerability has been exploited in the wild.

libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".

References

Affected packages

crates.io / libwebp-sys2

Source Details

Package Name
libwebp-sys2

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.1.8

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}