Description
@napi-rs/image affected by libwebp CVE
Impact
Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted webp image.
References
- https://github.com/Brooooooklyn/Image/security/advisories/GHSA-4vjr-crvh-383h
- https://github.com/Brooooooklyn/Image/commit/aa07979f6cd0c534a8befea87fac1210a3b621c1
- https://blog.isosceles.com/the-webp-0day
- https://github.com/Brooooooklyn/Image/releases/tag/%40napi-rs%2Fimage%401.7.0
- https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
Packages
Name: @napi-rs/image (npm)
Affected versions: < 1.7.0
Fixed version: 1.7.0
CVSS3: 8.8 High