CNVD (China National Vulnerability Database): CNVD-2023-73247
Sep 27, 2023 - 12:00 a.m.

Google libwebp open source library remote code execution vulnerability

Source: China National Vulnerability Database (www.cnvd.org.cn)

Tags: google, libwebp, open source, library, remote code execution, vulnerability, webp format, image compression, c/c++, huffman algorithm, memory out-of-bounds write, arbitrary code execution, unauthorized access, 0-click, cnvd

AI Score: 9.3 High (Confidence: High)

EPSS: 0.609 Medium (Percentile: 97.8%)

WebP is an image format developed by Google that supports lossy and lossless compression of web images; its compression performance and speed have certain advantages over the PNG and JPEG formats. libwebp is an open source C/C++ library that implements encoding and decoding of the WebP image format. It provides functions and a set of tools to encode image data into WebP and to decode and restore WebP images, and it can also be used as a dependency to give other programs WebP support. libwebp is used in many container images, frameworks, browsers, Linux operating systems and applications.

The Google libwebp open source library has a remote code execution vulnerability. When libwebp's BuildHuffmanTable function uses the Huffman algorithm to decode WebP images, a lack of necessary input validation leads to an out-of-bounds memory write. An unauthenticated attacker can create a malicious page or file and induce a user to open it, triggering the out-of-bounds memory write to achieve remote arbitrary code execution or unauthorized access to sensitive information on the target host. Under certain environmental conditions the vulnerability can be exploited as a 0-click.

Affected software:

CPE    Name            Operator  Version
       google libwebp  lt        1.3.2
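
The affected range in this entry (libwebp lt 1.3.2) can be checked against the shared libwebp that a host's dynamic loader resolves. The following is an added example, not part of the CNVD entry or of libwebp itself; it calls libwebp's `WebPGetDecoderVersion()` through `ctypes`, and the helper names `decode_version`, `parse_version`, `is_affected` and `loaded_libwebp_version` are hypothetical.

```python
"""Check whether a libwebp build is in the affected range (lt 1.3.2)."""
import ctypes
import ctypes.util
import re

FIXED = (1, 3, 2)  # first version outside the "lt 1.3.2" range in this entry


def decode_version(packed):
    """Unpack WebPGetDecoderVersion(): 0xMMmmrr -> (major, minor, revision)."""
    return ((packed >> 16) & 0xFF, (packed >> 8) & 0xFF, packed & 0xFF)


def parse_version(text):
    """Parse a dotted version such as '1.3.1' or a package-style '1.2.4-0.2'."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError("not a version string: %r" % (text,))
    # Missing minor/revision fields are treated as 0 (assumption).
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the (major, minor, revision) tuple is below 1.3.2."""
    return tuple(version) < FIXED


def loaded_libwebp_version(name="webp"):
    """Version of the shared libwebp the dynamic loader resolves, or None."""
    path = ctypes.util.find_library(name)
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
        lib.WebPGetDecoderVersion.restype = ctypes.c_int
        return decode_version(lib.WebPGetDecoderVersion())
    except (OSError, AttributeError):
        return None  # library not loadable or symbol missing


if __name__ == "__main__":
    found = loaded_libwebp_version()
    if found is None:
        print("no shared libwebp found by the loader")
    else:
        state = "AFFECTED" if is_affected(found) else "not in affected range"
        print("libwebp %d.%d.%d: %s" % (found + (state,)))
```

A result below 1.3.2 is a prompt to check the vendor advisory rather than proof, since distribution packages can carry a backported fix under an older upstream version number. Copies of libwebp that are statically linked or bundled inside applications are not seen by this check.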