GMS-2023-2685: @napi-rs/image affected by libwebp CVE
Impact
Heap buffer overflow in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted webp image.
References
References
- blog.isosceles.com/the-webp-0day/
- github.com/Brooooooklyn/Image/commit/aa07979f6cd0c534a8befea87fac1210a3b621c1
- github.com/Brooooooklyn/Image/releases/tag/%40napi-rs%2Fimage%401.7.0
- github.com/Brooooooklyn/Image/security/advisories/GHSA-4vjr-crvh-383h
- github.com/advisories/GHSA-4vjr-crvh-383h
- github.com/advisories/GHSA-j7hp-h8jx-5ppr
Code Behaviors & Features
Detect and mitigate GMS-2023-2685 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →