GHSA-94vc-p8w7-5p49

Опубликовано: 05 окт. 2023

Источник: github

Github: Прошло ревью

Описание

Bundled libwebp in imagecodecs vulnerable

imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-5129
https://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst
https://github.com/pypa/advisory-database/tree/main/vulns/imagecodecs/PYSEC-2023-174.yaml

Пакеты

Наименование

imagecodecs

pip

Затронутые версииВерсия исправления

< 2023.9.18

2023.9.18