Gregory's ServerFYI: A critical heap overflow vulnerability has been discovered in libwebp that is being actively exploited in the wild and potentially allows for remote code execution. This affects at least all the popular browsers and Electron-based apps, including messengers such as Signal and Telegram, and additionally LibreOffice. Organic Maps is not affected.
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
 6 comments
@organicmaps I don't think Telegram has an official Electron-based app. However at least their QT desktop app is probably affected since it uses #libwebp.  @organicmaps Well.. As I used to say many times before, webp as lots of google "invented" products/things is a modern internet day cancer. No "fixing" can change that. Avoid the crap if you can! |
This is not clear whether @organicmaps is also affected by this vulnerability… 🤔
Is it just a "FYI" or shall we upgrade ASAP?
Thanks