Patch for libwebp vulnerability? #470
Comments
|
I’m here checking on the same thing. I’m auditing all the apps on my machine running vulnerable versions of Electron and DiffusionBee’s sticking out: Electron/13.6.8 |
|
The more I think about the libwebp vulnerability, the more I conclude that it's really of the highest concern for Electron based messaging or file sharing applications. In order for an attacker to leverage a libwebp vulnerability in Diffusionbee, the attacker would need to get an "infected" webp file into your Diffusionbee 'images' folder... not impossible, but would require the attacker already having access to your system via some other vector. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I see that Diffusionbee is using the Electron Framework -- given the recent 0-day vulnerability in libwebp can we get a "security patch" release?
I'm not sure if Diffusionbee actually renders webp files ever, but can't hurt to patch.
The text was updated successfully, but these errors were encountered: