#cve_2023_5129 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve_2023_5129, aggregated by home.social.

  1. @campuscodi This article claims that it is a new CVE for the same vulnerability, to clarify scope?

    stackdiary.com/heap-buffer-ove

    But this seclists thread seems to say that CVE-2023-5129 is associated with libwebp commits that are different from the fixes associated with CVE-2023-4863 [Edit: but these are described by the issuer as cleanups]:

    seclists.org/oss-sec/2023/q3/2

    The seclists poster is reaching out to double-check whether it's new. Solar Designer's assessment is that it's probably the same (but that the cleanups in the code should be examined anyway):

    seclists.org/oss-sec/2023/q3/2

    #CVE20235129 #CVE20234863 #CVE_2023_4863 #CVE_2023_5129 #libwebp