Is Liftoff safe regarding the libwebp exploit? (lemmy.world)

submitted 1 year ago by MeatAndSarcasmGuy@lemmy.world to c/liftoff@lemmy.world

4 comments fedilink hide all child comments

I recently saw an article (https://stackdiary.com/heap-buffer-overflow-in-libwebp-cve-2023-5129/) that said WEBP images could be a huge security hole right now and I know Lemmy uses a lot of WEBP images.

I'm not sure how long this has been known, so maybe the Liftoff devs already took care of it. Does anyone know if Liftoff has already made the necessary patches?

you are viewing a single comment's thread
view the rest of the comments

[-] Illecors@lemmy.cafe 19 points 1 year ago

The vulnerability is fixed within pict-rs, which is part of lemmy instance default setup. It's such a coincidence that I've just updated it on mine.

TL;DR - it is not up to liftoff to fix it.

[-] MeatAndSarcasmGuy@lemmy.world 6 points 1 year ago

Oh that's interesting. I thought it would be through the app, since the article mentioned being patched in browsers; so that's definitely good to know.

this post was submitted on 26 Sep 2023

20 points (91.7% liked)

Liftoff!

4350 readers

1 users here now

A mobile client for Lemmy running on iOS and Android

founded 1 year ago

MODERATORS

liftoff@lemmy.world

zach@bigfoot.ninja

zachatrocity@lemmy.world

mykl@lemmy.world