The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap buffer overflow and to execute arbitrary code.ĬVE-2023-5129 affects libwebp versions 0.5.0 to 1.3.1, and has been fixed in version 1.3.2. The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format. The entry for the latter has been broadened to include its impact to the libwebp library. The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of CVE-2023-4863. To try out different versions of Electron.UPDATE (September 28, 2023, 03:15 a.m. To build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04.Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy. Windows on ARM support was added in Electron 5.0.8.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |