@Xara, a critical vulnerability was identified on 06/25/28 Sep 2023 for the LibWebP library that you use in Pro+:
"WebP support uses the libwebp library, Copyright (c) 2010, Google Inc. The license [sic] is webp.txt in the HelpAndSupport folder of your Xara Designer software installation".
Have you patched your instance?
The current 2010 copyright statement is not encouraging.
https://www.tarlogic.com/blog/cve-2023-4863/:
"Although initially the vulnerability CVE-2023-4863 was assigned to Google Chrome, it really affects the library LibWebP. That’s why on September 25th, a new dedicated CVE identifier was created, the CVE-2023-5217. It is the same vulnerability but assigned to the library instead of Google Chrome browser exclusively. Also, Google assigned the highest criticality possible to this new identifier, with a CVSS3.1 score of 10."
(https://nvd.nist.gov/vuln/detail/CVE-2023-5217)
Acorn
Bookmarks