The #WebP buffer overflow bug that caused all the major browsers to issue patches earlier this week (e.g. #Firefox 117.0.1) also affects applications built with Electron. #1Password issued an update today for their Mac build.
The CVE affects the underlying webp library, not just web browsers, so this will be an ongoing issue.
"Who uses #libwebp?
"There are a lot of applications that use libwebp to render WebP images, I already mentioned a few of them, but some of the others that I know include: #Affinity (the design software), #Gimp, Inkscape [not according to Martin Owens, see comment below], #LibreOffice, #Telegram, #Thunderbird (now patched), #ffmpeg, and many, many #Android applications as well as cross-platform apps built with #Flutter."
Add comment