Comments (4)
I'm closing this as there's now an advisory and products have been updated
from imageflow.
Will do. It's not immediately clear if this affects decoding, however, which would be the only attack path (Imageflow only allows lossless/quality configuration of webp encoding).
from imageflow.
I apologize and probably didn't figure out the correct cve number myself. Most likely I wanted to give this
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
https://blog.isosceles.com/the-webp-0day/
from imageflow.
Thank you. I've patched it, and also updated every other dependency in the project due to some interlocking restrictions.
from imageflow.
Related Issues (20)
- Error: Need Crop, got None HOT 1
- Some png files when resized with png.quality results as empty/transparent png file HOT 5
- Rename imageflow cli tool to something more convenient/shorter HOT 1
- When IDCT preshrinking is active, &zoom=x command may apply to preshrunk dimensions instead
- Investigate differences between ImageResizer4 f.sharpen and Imageflow
- Add compatibility for IR4 ?format=webp&quality=x
- imageflow_tool v1/querystring imlement print to stdout HOT 3
- too much time on a medium size file HOT 4
- jpeg Quality: bug or feature HOT 4
- CI feature: integrate pull request preview environments
- Require support for BMP files HOT 11
- Provide a sharper set of defaults for e-commerce solutions
- [RFC] Add a new syntax for srcset
- Massive linux .so build
- Azure Web App (Code,Linux,Net7) Error: Looking for "libimageflow.so" HOT 10
- How to use imageflow_tool on a managed server HOT 3
- Evaluate migrating to gif-dispose
- Repeated Gif convertation fails with "unexpected EOF" HOT 7
- possible to run in alpine container? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from imageflow.