https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release of updates to address the issue.⚠️ Important: Let me make it perfectly clear that this vulnerability doesn't just affect web browsers, it affects any software that uses the libwebp library. This includes Electron-based applications, for example - Signal. Electron patched the vulnerability yesterday. Also, software like Honeyview (from Bandisoft) released an update to fix the issue. CVE-2023-4863 was falsely marked as Chrome-only by Mitre and other organizations that track CVE's and 100% of media reported this issue as "Chrome only", when it's not.
The root of the issue lies within the "BuildHuffmanTable" function which was first introduced in 2014, the function is used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data.
Hope you updated your browser before loading rdrama today, bros.
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
this neighbor be trippin fr
Jump in the discussion.
No email address required.
Webp is a dope format, I get hard every time I compress a jpeg with it.
Jump in the discussion.
No email address required.
Die
Jump in the discussion.
No email address required.
Enjoy your 20mb webpages, you are digitally fat.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
I got webp image previews working with lf so I don't really care anymore to hate webp.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Don't worry I'm using the latest version of the rdrama Android app, I'm sure I have nothing to worry about.
Jump in the discussion.
No email address required.
More options
Context
I FRICKING KNEW IT
I TOLD EVERYONE THAT WEBP WAS THE INSTRUMENT OF SATAN BUT NOBODY CARED
Jump in the discussion.
No email address required.
More options
Context
God webps are the worst format in the world, bane of any photoshop worker. Done anyone know how to make brave not save every image in webp?
Jump in the discussion.
No email address required.
Open settings dumbass
Jump in the discussion.
No email address required.
ITS NOT FRICKING THERE R-SLUR
Jump in the discussion.
No email address required.
Open config.ini
Also, if the issue is downloading shit from rDrama become webp, then you're a fricking r-slur.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Webps are good though it's just no apps want to support it for some reason.
Jump in the discussion.
No email address required.
They're "good" except when you make an image format that's so complicated that instead of just displaying pixels on your screen, it tries to do 5000 other things and apparently has memory allocation vulnerabilities built in.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Just install imagemagick and make a context menu conversion to png, or if old school you can even use a batch file you dropt the image/folder on
It takes like two seconds
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Neat but nobody will beat my love for Adobe's frickup when just browsing a Flash page in a browser let someone take over the machine. It will always have a special place in my heart, and that's when browsers just said "aw heck nawww" and stopped support for it.
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
Flash was something else. I don't know wtf they must have been doing with their code. It was a new vulnerability every week.
Jump in the discussion.
No email address required.
yeah it was crazy. And it was a fun little tool too in the 90s/early 2000s
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
Xoomer
Jump in the discussion.
No email address required.
lol guilty.
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
Total Xoomer Death
Jump in the discussion.
No email address required.
Well that's just very rude!
Krayon sexually assaulted his sister.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
More options
Context
adobe is notorious for bloated code bases, no idea with macromedia tho
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Jump in the discussion.
No email address required.
More options
Context
RETVRN... to jpeg
Jump in the discussion.
No email address required.
More options
Context
I'm in utter shock
Jump in the discussion.
No email address required.
More options
Context
You can't really do arbitrary code execution with it though
Jump in the discussion.
No email address required.
More options
Context
Yes I am a female g*mer, yes I even like Zelda. What a surprise (after I even gave him personal bonus points for wearing a Zelda Shirt). No, a g*mer shirt is not "a handicap". Yes, when you think wearing a Zelda shirt equals "dating a minor" then you are the problem, not the shirt. Nope, I don't think the "majority of women will see it as a turn off". Yes, when all women you know act negatively around people wearing g*mer shirts and degrade others for having that hobby you have a pretty bad and in my opinion immature social environment to be honest. Nope, you don't have to be a "nerd" or g*mer in order to accept and/or respect other people's hobbies. I think I got all covered now.
Snapshots:
archive.org
ghostarchive.org
archive.ph (click to archive)
https://cve.mitre.org/cgi-bin/cvename.cgi:
archive.org
ghostarchive.org
archive.ph (click to archive)
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40:
archive.org
ghostarchive.org
archive.ph (click to archive)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863:
archive.org
ghostarchive.org
archive.ph (click to archive)
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html:
archive.org
ghostarchive.org
archive.ph (click to archive)
Jump in the discussion.
No email address required.
More options
Context