Vulnerability in Popular ‘libwebp’ Code More Widespread Than Expected

September 27, 2023 | A previously disclosed vulnerability, first tracked as CVE-2023-4863 and later marked as CVE-2023-5129 with the highest CVSS severity rating of 10 out of 10, is found to affect a wider range of applications than initially assumed. Originally announced as a Chrome browser issue, researchers later traced it back to the open-source libwebp library. This library, used by multiple browsers and image editors, was discovered in several popular container images’ latest versions, including Nginx, Python, Joomla, WordPress, Node.js, and more. The vulnerability poses significant risks due to its high severity and the potential for remote code execution, making it crucial for organizations to thoroughly inventory their software assets to ensure comprehensive mitigation.

Read full article

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.
Benchmark your cybersecurity against peers with our Free Quick Start Risk Assessments tool!
This is default text for notification bar