Results 1 to 10 of 13

Thread: WebP Vulnerability

Thread Tools
- Show Printable Version
- Subscribe to this Thread…
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

02 November 2023, 02:44 PM #1
Acorn

View Profile

View Forum Posts

Private Message

Super Moderator
Join Date

Apr 2012

Location

SW England

Posts

17,878
WebP Vulnerability

@Xara, a critical vulnerability was identified on 06/25/28 Sep 2023 for the LibWebP library that you use in Pro+:
"WebP support uses the libwebp library, Copyright (c) 2010, Google Inc. The license [sic] is webp.txt in the HelpAndSupport folder of your Xara Designer software installation".

Have you patched your instance?
The current 2010 copyright statement is not encouraging.
https://www.tarlogic.com/blog/cve-2023-4863/:
"Although initially the vulnerability CVE-2023-4863 was assigned to Google Chrome, it really affects the library LibWebP. That’s why on September 25th, a new dedicated CVE identifier was created, the CVE-2023-5217. It is the same vulnerability but assigned to the library instead of Google Chrome browser exclusively. Also, Google assigned the highest criticality possible to this new identifier, with a CVSS3.1 score of 10."
(https://nvd.nist.gov/vuln/detail/CVE-2023-5217)
Acorn

Acorn - installed Xara software: Cloud+/Pro+ and most others back through time (to CC's Artworks). Contact for technical remediation/consultancy for your web designs.
When we provide assistance, your responses are valuable as they benefit the community. TG Nuggets you might like. Report faults: Xara Cloud+/Pro+/Magix Legacy; Xara KB & Chat

Quick Navigation Xara graphics chat Top

« Previous Thread | Next Thread »

Bookmarks

Bookmarks

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
[VIDEO] code is Off
HTML code is Off

© 2018 Xara Group Ltd

All times are GMT. The time now is 11:41 PM.