A critical vulnerability has been found in the libwebp library for processing graphics in WebP format, which allows information to be written to memory using buffer overflow.
Advisory release date
Sep 12, 2023
Internal Customer Hosted Services
CVSS Baser score 8.8 HIGH
Summary of Vulnerability
Heap buffer overflow in libwebp library in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s. We are not using this library in any of our products or web services.