Resolving WebP Zero-day Vulnerability CVE-2023-4863 | allinfosecnews.com

Sept. 29, 2023, 2:12 p.m. | Nova Trauben@veracode.com (Nova Trauben)

Application Security Research, News, and Education Blog www.veracode.com

What It Is
Webp is the backbone of the webp extension. Any image that is saved to the webp image format most likely was created using the webp library. The library was released in 2010 by Google.
The History of the Webp Vulnerability CVE-2023-4863
The first CVE for this webp vulnerability was disclosed in CVE-2023-41061, but note how the description does not mention the root of the issue anywhere. Then Google released CVE-2023-4863, which was the first actual mention of …

cve cve-2023-41061 cve-2023-4863 extension google history image library vulnerability webp zero-day zero-day vulnerability

More from www.veracode.com / Application Security Research, News, and Education Blog

Enhancing Developer Efficiency With AI-Powered Remediation 4 days, 9 hours ago | www.veracode.com

ai-powered code code security copilot +21

Speed vs Security: Striking the Right Balance in Software Development with AI 1 week, 3 days ago | www.veracode.com

ai software artificial artificial intelligence balance +15

Veracode Advances Cloud-Native Application Security with Longbow Acquisition 3 weeks, 5 days ago | www.veracode.com

acquisition application application security cloud +22

Veracode Customers Shielded from NVD Disruptions 4 weeks, 2 days ago | www.veracode.com

analysis customers cves database +13

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix 1 month ago | www.veracode.com

application blog code cross-site +16

Security Debt: A Growing Threat to Application Security 1 month, 1 week ago | www.veracode.com

application application security debt development +17

A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape 1 month, 2 weeks ago | www.veracode.com

address attack attack surface back +16

Integrating Veracode DAST Essentials into Your Development Toolchain 1 month, 3 weeks ago | www.veracode.com

application applications application security application security testing +21

The Risks of Automated Code Generation and the Necessity of AI-Powered Remediation 1 month, 3 weeks ago | www.veracode.com

ai-powered automated can code +22

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States

View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States

View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India

View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States

View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052

View on infosec-jobs.com