About CVE-2023-4863 libwebp vulnerability #2026

SagePtr · 2023-09-18T09:29:43Z

SagePtr
Sep 18, 2023

Heap buffer overflow in libwebp.
Fixed in latest Debian: https://security-tracker.debian.org/tracker/CVE-2023-4863
Fixed in latest Ubuntu: https://ubuntu.com/security/CVE-2023-4863
At least, php_gd2 uses libwebp, not sure about php_imagick.
Shouldn't PHP be recompiled against patched libwebp?

Answered by oerdnj

Sep 18, 2023

No, libwebp is dynamically linked, so there's no need to recompile anything. However you should restart any process that might have pulled the old vulnerable version into its address space.

View full answer

oerdnj · 2023-09-18T09:37:43Z

oerdnj
Sep 18, 2023
Maintainer

No, libwebp is dynamically linked, so there's no need to recompile anything. However you should restart any process that might have pulled the old vulnerable version into its address space.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

About CVE-2023-4863 libwebp vulnerability #2026

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

About CVE-2023-4863 libwebp vulnerability #2026

SagePtr Sep 18, 2023

Replies: 1 comment

oerdnj Sep 18, 2023 Maintainer

SagePtr
Sep 18, 2023

oerdnj
Sep 18, 2023
Maintainer