• Hi, following the various reports such as:

    Critical WebP bug: many apps, not just browsers, under threat
    The heap buffer overflow (CVE-2023-4863) vulnerability in the WebP Codec is being actively exploited in the wild.

    My question is whether the plugin is affected and if yes, when it will be updated.

    FYI, I deactivated it for now.

    Thx in advance
    DJM

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hey cybeardjm, thanks for the heads-up on this. Been pondering how this could impact WordPress. Even if WP uses that library, an attacker would have to upload a webp file to exploit it. So it’s probably more of a concern for sites where users can upload images, like forums and such. By the way, how did you go about disabling that library?

    Thread Starter cybeardjm

    (@didierjm)

    Hi @malik15 – well, after seeing a lot of various posts on this subject, with so many apps that are indeed potential targets, I preferred to disable this stuff, for me and for others, just in case.

    I disabled the plugin and deleted all webp files that it had created over time (they were in a separate directory, not mixed with the uploads, so easier…).

    Now waiting for an answer about https://github.com/rosell-dk/webp-convert

    Sincerely
    DJM

  • The topic ‘“heap buffer overflow” – is plugin affected?’ is closed to new replies.