[vlc-devel] Libwebp CVE
Steve Lhomme
robux4 at ycbcr.xyz
Mon Oct 2 04:53:21 UTC 2023
There are traces of libwebp on libaom. The threading API is said to come
from libwebp. If the issue comes from there, it might have the same issue.
The commit related to CVE-2023-4863 [1] is
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
and it doesn't seem related to that.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-4863
On 2023-09-29 18:55, Sean McGovern wrote:
> Hi,
>
> Do we consume libwebp directly or indirectly? There's a nasty CVE out
> for it.
>
> Sean McGovern
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list