[osgeo4w-dev] [osgeo4w] #805: Vulnerable versions of libwebp, upgrade to 1.3.2
OSGeo4W
trac_osgeo4w at osgeo.org
Fri Sep 29 02:46:53 PDT 2023
#805: Vulnerable versions of libwebp, upgrade to 1.3.2
---------------------------+---------------------------
Reporter: Andreas Müller | Owner: osgeo4w-dev@…
Type: defect | Status: new
Priority: normal | Component: Package
Version: | Keywords:
---------------------------+---------------------------
In my department we were pointed to the vulnerability of libwebp.
According to [https://nvd.nist.gov/vuln/detail/CVE-2023-4863 CVE-2023-4863], the
open source library libwebp is vulnerable to a heap buffer overflow. I think
osgeo4w uses this library, too (libwebp-1.2.2-1). If I understand correctly,
it can be upgraded to 1.3.2, which has a security fix.
--
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/805>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.