[MapServer-dev] WEBP vulnerability
Seth G
sethg at geographika.co.uk
Wed Oct 4 09:22:24 PDT 2023
Hi devs,
There has been quite a bit of talk about the WEBP vulnerability, and I noticed Tamas has updated the GISInternals buildkit [1] and Even patched the GDAL builds [2].
As I understand it, the vulnerability exploits user-supplied images. Am I correct in thinking that this will only be an issue for MapServer if Mapfiles are set up to read images that could be created externally and then read by MapServer in a RASTER layer? Or could a layer using a WMS connection (cascaded WMS) be affected? I guess in that case the external service would have to have been compromised.
Serving WEBP as an OUTPUTFORMAT I don't think should be affected?
Seth
[1] https://github.com/gisinternals/buildsystem/issues/216
[2] https://github.com/OSGeo/gdal/issues/8501
--
web:https://geographika.net & https://mapserverstudio.net
twitter: @geographika