20

Is Liftoff safe regarding the libwebp exploit?

posted
by
Avatar
MeatAndSarcasmGuy@lemmy.world
in
Avatar
liftoff@lemmy.world
4 comments
hidereport

I recently saw an article (https://stackdiary.com/heap-buffer-overflow-in-libwebp-cve-2023-5129/) that said WEBP images could be a huge security hole right now and I know Lemmy uses a lot of WEBP images.

I’m not sure how long this has been known, so maybe the Liftoff devs already took care of it. Does anyone know if Liftoff has already made the necessary patches?

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
Illecors@lemmy.cafe
19 points

The vulnerability is fixed within pict-rs, which is part of lemmy instance default setup. It’s such a coincidence that I’ve just updated it on mine.

TL;DR - it is not up to liftoff to fix it.

permalink
report
reply
Avatar
MeatAndSarcasmGuy@lemmy.worldOP
6 points

Oh that’s interesting. I thought it would be through the app, since the article mentioned being patched in browsers; so that’s definitely good to know.

permalink
report
parent
reply

Liftoff!

!liftoff@lemmy.world

Create post

A mobile client for Lemmy running on iOS and Android

Community stats

  • 3

    Monthly active users

  • 328

    Posts

  • 2K

    Comments

Community moderators