The issue is fixed upstream in those commits: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/ https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
Whiteboard: (none) => MGA9TOO, MGA8TOOCC: (none) => nicolas.salgueroSource RPM: (none) => libwebp-1.3.0-2.mga9.src.rpm
Assigning this globally because there is no one packager in evidence for libwebp.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2023-4863) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863 ======================== Updated packages in 9/core/updates_testing: ======================== lib(64)sharpyuv0-1.3.0-2.1.mga9 lib(64)webp7-1.3.0-2.1.mga9 lib(64)webpdecoder3-1.3.0-2.1.mga9 lib(64)webpdemux2-1.3.0-2.1.mga9 lib(64)webpmux3-1.3.0-2.1.mga9 lib(64)webp-devel-1.3.0-2.1.mga9 libwebp-tools-1.3.0-2.1.mga9 from SRPM: libwebp-1.3.0-2.1.mga9.src.rpm Updated packages in 8/core/updates_testing: ======================== lib(64)webp7-1.1.0-2.2.mga8 lib(64)webpdecoder3-1.1.0-2.2.mga8 lib(64)webpdemux2-1.1.0-2.2.mga8 lib(64)webpmux3-1.1.0-2.2.mga8 lib(64)webp-devel-1.1.0-2.2.mga8 libwebp-tools-1.1.0-2.2.mga8 from SRPM: libwebp-1.1.0-2.2.mga8.src.rpm
Assignee: pkg-bugs => nicolas.salgueroVersion: Cauldron => 9Status: NEW => ASSIGNEDWhiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Assignee: nicolas.salguero => qa-bugs
MGA8-64 Xfce on Acer Aspire 5253 No innstallation issues. Ref bug 31783 for testing Firefox continues to work OK, looked for other test, and found https://developers.google.com/speed/webp/docs/img2webp trying with some jpg files. $ img2webp shelt0001.jpeg shelt0002.jpeg shelt0003.jpeg -o testwebp.webp Frame #1 dimension mismatched! Got 2104 x 3183. Was expecting 3152 x 2158. Above documentation does not show any light on this problem Ommitting the first jpg: $ img2webp shelt0002.jpeg shelt0003.jpeg -o testwebp.webp Frame #1 dimension mismatched! Got 3152 x 2131. Was expecting 2104 x 3183. Beats me !!!!!
CC: (none) => herman.viaene
Severity: normal => critical
I tested this in MGA9 as best I could. approving this
CC: (none) => brtians1Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
MGA9-64 Xfce on Acer Aspire 5253 No innstallation issues. Got exactly te same results as in Comment 3. I don't know what to think of it, specially since I cann't find any restriction on the file sizes while googling.