
Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

Blog post from Snyk

Post Details
Company:
Date Published:
Author: Brian Clark, Eric Smalling, Jonathan Moses
Word Count: 1,825
Language: English
Hacker News Points: -
Summary

CVE-2023-4863, a vulnerability in the WebP library libwebp, affects a wide range of software ecosystems, including browsers, operating systems, and popular application frameworks such as Electron. It allows denial-of-service (DoS) and possibly remote code execution (RCE) attacks through maliciously crafted .webp images. Google has released fixes for popular browsers, and other vendors are working to address the issue. Snyk is monitoring the situation and providing tools and resources to help developers detect and remediate the vulnerability in their projects. Developers can use Snyk's Priority Score and Insights to prioritize fixes and identify the most critical issues. To fix the vulnerability, developers should update the libwebp in their project dependencies or container images to version 1.3.2 or newer, rebuild their applications, and continue to monitor the situation for updates.