hackers can build webpages that can inject [download] malware onto a visitors device when they view a WebP image
exactly how that relates to xara software, is for acorn....
Member
Re: WebP Vulnerability
hackers can build webpages that can inject [download] malware onto a visitors device when they view a WebP image
exactly how that relates to xara software, is for acorn....
-------------------------------
Nothing lasts forever...
Super Moderator
Re: WebP Vulnerability
It could infect you if you open a malicious WepP in Pro+.Originally Posted by handrawn
hackers can build webpages that can inject [download] malware onto a visitors device when they view a WebP image
exactly how that relates to xara software, is for acorn....
Acorn
Acorn - installed Xara software: Cloud+/Pro+ and most others back through time (to CC's Artworks). Contact for technical remediation/consultancy for your web designs.
When we provide assistance, your responses are valuable as they benefit the community. TG Nuggets you might like. Report faults: Xara Cloud+/Pro+/Magix Legacy; Xara KB & Chat
Moderator Emeritus
Re: WebP Vulnerability
Hmm? Does not sound good.
Gary W. Priester
Mr. Moderator Emeritus Dude, Sir
gwpriester.com | eyetricks-3d-stereograms.com | eyeTricks on Facebook | eyeTricks on YouTube | eyeTricks on Instagram
Member
Re: WebP Vulnerability
Even if Xara applications are invulnerable to an infected WebP image, assuming one uses such an image and could pass it along untouched to a website build/update, it would then be possible that site can infect others or the designer's computer viewing the page they built unless both parties are using up to date browsers / browser components.
Member
Re: WebP Vulnerability
as I thought, thanks
-------------------------------
Nothing lasts forever...
Administrator
Re:WebP Vulnerability
We frequently update libraries. While we accessed this to be a very low risk vulnerability, the LibWebP is already scheduled to be updated in the next release of the desktop products. Note that the copyright notice in the latest version of the LibWebP source files direct from Google still says 2010, so that isn't a specific cause for concern.
Have a good weekend.
Matt
[I am not sure why Matt, but your response to this thread was moderated and some of the foreign characters that appear in Russian spammer posts appeared in the title of your response. I replaced the title in your post and removed your response from moderation. Gary]
Super Moderator
Re: WebP Vulnerability
Sneaking in under Matt's Closed Thread radar...
...the WebP vulnerability has now been patched in Xara Designer Pro+ 23.5.0.68069 SL x64 Nov 13 2023 and probably other Plus products.
Acorn
Last edited by Acorn; 15 November 2023 at 03:58 PM.
When we provide assistance, your responses are valuable as they benefit the community. TG Nuggets you might like. Report faults: Xara Cloud+/Pro+/Magix Legacy; Xara KB & Chat
Administrator
Re: WebP Vulnerability
Please clarify
Super Moderator
Re: WebP Vulnerability
Xara says it is now fixed so thank you.
There is no point in closing a Thread when the resolution has not been recorded. I was doing just that.
Acorn
When we provide assistance, your responses are valuable as they benefit the community. TG Nuggets you might like. Report faults: Xara Cloud+/Pro+/Magix Legacy; Xara KB & Chat
Administrator
Re: WebP Vulnerability
You said has NOT been 'fixed'. That is why we wanted you to clarify.
Posting Permissions
Bookmarks