3 matches found
CVE-2026-46601
The CVE refers to a panic in the golang.org/x/image webp decoder when processing a VP8 chunk whose alpha channel size does not match the canvas size. Affected component: the WebP decoder in x/image/webp. Root cause: mismatch between VP8 chunk dimensions and the canvas size triggers a panic (crash...
CVE-2023-30200
In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” ultimateimagetool in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack...
The updated packages fix a security vulnerability
Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...