Unable to load image

Everyone on rdrama is now running a compromised device: vulnerability in webp discovered

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release of updates to address the issue.

⚠️ Important: Let me make it perfectly clear that this vulnerability doesn't just affect web browsers, it affects any software that uses the libwebp library. This includes Electron-based applications, for example - Signal. Electron patched the vulnerability yesterday. Also, software like Honeyview (from Bandisoft) released an update to fix the issue. CVE-2023-4863 was falsely marked as Chrome-only by Mitre and other organizations that track CVE's and 100% of media reported this issue as "Chrome only", when it's not.

The root of the issue lies within the "BuildHuffmanTable" function which was first introduced in 2014, the function is used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data.

Hope you updated your browser before loading rdrama today, bros.

49
Jump in the discussion.

No email address required.

So far the Web Browsers that have confirmed a fix and released an update include: Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, and Tor Browser. If your browser of choice is using Chromium then expect an update to already be rolled out or will be done shortly.

:#marseynothingburger:

Jump in the discussion.

No email address required.

>all browsers incl. tbb have had an nsa backdoor in them for 9 years

>it was snuck in as part of an unnecessary image format that everyone said would be a source of vulns

>:marseynothingburger:

this neighbor be trippin fr

Jump in the discussion.

No email address required.

Webp is a dope format, I get hard every time I compress a jpeg with it.

Jump in the discussion.

No email address required.

Die

Jump in the discussion.

No email address required.

:marseytheyhaterhermessage:

Enjoy your 20mb webpages, you are digitally fat.

Jump in the discussion.

No email address required.

I got webp image previews working with lf so I don't really care anymore to hate webp.

Jump in the discussion.

No email address required.

Don't worry I'm using the latest version of the rdrama Android app, I'm sure I have nothing to worry about.

Jump in the discussion.

No email address required.

I FRICKING KNEW IT

I TOLD EVERYONE THAT WEBP WAS THE INSTRUMENT OF SATAN BUT NOBODY CARED

Jump in the discussion.

No email address required.

God webps are the worst format in the world, bane of any photoshop worker. Done anyone know how to make brave not save every image in webp?

Jump in the discussion.

No email address required.

Open settings dumbass

Jump in the discussion.

No email address required.

ITS NOT FRICKING THERE R-SLUR

Jump in the discussion.

No email address required.

Open config.ini

Also, if the issue is downloading shit from rDrama become webp, then you're a fricking r-slur.

Jump in the discussion.

No email address required.

Webps are good though it's just no apps want to support it for some reason.

Jump in the discussion.

No email address required.

They're "good" except when you make an image format that's so complicated that instead of just displaying pixels on your screen, it tries to do 5000 other things and apparently has memory allocation vulnerabilities built in.

Jump in the discussion.

No email address required.

Just install imagemagick and make a context menu conversion to png, or if old school you can even use a batch file you dropt the image/folder on

It takes like two seconds

Jump in the discussion.

No email address required.

Neat but nobody will beat my love for Adobe's frickup when just browsing a Flash page in a browser let someone take over the machine. It will always have a special place in my heart, and that's when browsers just said "aw heck nawww" and stopped support for it.


Krayon sexually assaulted his sister. https://i.rdrama.net/images/17118241526738973.webp https://i.rdrama.net/images/17118241426254768.webp https://i.rdrama.net/images/17156480765435808.webp

Jump in the discussion.

No email address required.

Flash was something else. I don't know wtf they must have been doing with their code. It was a new vulnerability every week.

Jump in the discussion.

No email address required.

yeah it was crazy. And it was a fun little tool too in the 90s/early 2000s


Krayon sexually assaulted his sister. https://i.rdrama.net/images/17118241526738973.webp https://i.rdrama.net/images/17118241426254768.webp https://i.rdrama.net/images/17156480765435808.webp

Jump in the discussion.

No email address required.

Xoomer

Jump in the discussion.

No email address required.

lol guilty.


Krayon sexually assaulted his sister. https://i.rdrama.net/images/17118241526738973.webp https://i.rdrama.net/images/17118241426254768.webp https://i.rdrama.net/images/17156480765435808.webp

Jump in the discussion.

No email address required.

Total Xoomer Death

Jump in the discussion.

No email address required.

Well that's just very rude!

https://media.giphy.com/media/o9qT6CP4XyICY/giphy.webp


Krayon sexually assaulted his sister. https://i.rdrama.net/images/17118241526738973.webp https://i.rdrama.net/images/17118241426254768.webp https://i.rdrama.net/images/17156480765435808.webp

Jump in the discussion.

No email address required.

adobe is notorious for bloated code bases, no idea with macromedia tho

Jump in the discussion.

No email address required.

>BuildHuffmanTable

:#marseydarkspez:

Jump in the discussion.

No email address required.

RETVRN... to jpeg

Jump in the discussion.

No email address required.

>webp sucks peepee

I'm in utter shock :marseyspit:

Jump in the discussion.

No email address required.

Heap buffer overflow

You can't really do arbitrary code execution with it though :marseyill:

Jump in the discussion.

No email address required.

Yes I am a female g*mer, yes I even like Zelda. What a surprise (after I even gave him personal bonus points for wearing a Zelda Shirt). No, a g*mer shirt is not "a handicap". Yes, when you think wearing a Zelda shirt equals "dating a minor" then you are the problem, not the shirt. Nope, I don't think the "majority of women will see it as a turn off". Yes, when all women you know act negatively around people wearing g*mer shirts and degrade others for having that hobby you have a pretty bad and in my opinion immature social environment to be honest. Nope, you don't have to be a "nerd" or g*mer in order to accept and/or respect other people's hobbies. I think I got all covered now.

Snapshots:

https://cve.mitre.org/cgi-bin/cvename.cgi:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html:

Jump in the discussion.

No email address required.

Link copied to clipboard
Action successful!
Error, please refresh the page and try again.