@napi-rs/image affected by libwebp CVE
Impact
Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted webp image.
References
- https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
- https://blog.isosceles.com/the-webp-0day/
| Software | From | Fixed in |
|---|---|---|
@napi-rs / image
|
- | 1.7.0 |
- https://blog.isosceles.com/the-webp-0day
- https://blog.isosceles.com/the-webp-0day/
- https://github.com/Brooooooklyn/Image/commit/aa07979f6cd0c534a8befea87fac1210a3b621c1
- https://github.com/Brooooooklyn/Image/releases/tag/%40napi-rs%2Fimage%401.7.0
- https://github.com/Brooooooklyn/Image/security/advisories/GHSA-4vjr-crvh-383h
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime