Google has recently reclassified a vulnerability in the libwebp image library from a potential Chrome weakness to a critical security issue within the libwebp library itself, now identified as CVE-2023-5129. This decision has cleared up the confusion within the cybersecurity community and highlighted the severity of the flaw, which has received a maximum severity rating of 10/10.
The vulnerability resides within the Huffman coding algorithm used by libwebp for lossless compression. Attackers exploiting this weakness can execute out-of-bounds memory writes by employing maliciously crafted HTML pages, leading to severe consequences like system crashes, arbitrary code execution, and unauthorized access to sensitive information.
This reclassification has significant implications for a wide array of projects and applications that depend on the libwebp open-source library. Popular container images such as Drupal, Nginx, Perl, Python, Ruby, Rust, and WordPress, along with widely used web browsers like Chrome, Firefox, Microsoft Edge, and Opera, are affected.
Various Linux distributions and notable applications like Microsoft Teams, Slack, Discord, LibreOffice, 1Password, Telegram, and Signal Desktop are also impacted. In response, Nuspire is actively monitoring for any signs of malicious activity related to this vulnerability and will promptly update its clients and the community with any further developments.
For those using software or applications affected by this vulnerability, it is crucial to check if software vendors have released patches for CVE-2023-5129 and libwebp, apply these patches as soon as they are available, and maintain ongoing monitoring for any mentions of CVE-2023-5129 or libwebp in security advisories. Your vigilance and prompt action can play a vital role in maintaining the security of your systems and data, ensuring protection against this critical vulnerability.
Source: Securityboulevard
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.