This was done to fix two vulnerabilities in the open source libraries that these programs use. The first vulnerability, identified as CVE-2023-4863, is caused by an issue in the WebP library that could lead to crashes or arbitrary code execution.
The second vulnerability (CVE-2023-5217) also involves an issue in the libvpx video codec library that could cause applications to crash or allow arbitrary code execution.
These libraries are widely used in various projects. For example, libwebp is used in modern web browsers such as Safari, Firefox, Edge, and others, as well as popular applications such as 1Password and Signal.
Libvpx, on the other hand, can be found in software for encoding and decoding videos in VP8 and VP9 formats, as well as for watching videos and online services such as Netflix, YouTube and Amazon Prime Video.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
