Skip to content

@napi-rs/image affected by libwebp CVE

High severity GitHub Reviewed Published Sep 27, 2023 in Brooooooklyn/Image • Updated Sep 27, 2023

Package

npm @napi-rs/image (npm)

Affected versions

< 1.7.0

Patched versions

1.7.0

Description

Impact

Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted webp image.

References

References

@Brooooooklyn Brooooooklyn published to Brooooooklyn/Image Sep 27, 2023
Published to the GitHub Advisory Database Sep 27, 2023
Reviewed Sep 27, 2023
Last updated Sep 27, 2023

Severity

High
8.8
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-4vjr-crvh-383h

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.