CVE-2023-41064 is going to require patching everything that renders WebP images. Every browser/electron apps/mobile apps like telegram/Flutter apps/etc etc Welcome to the modern software supply chain!
@dfad625e Patching dynamic libraries is not enough? Not every app is build statically, thanks, gods.
@dfad625e And as usual for supply chains: - distros: Fixed for everyone in less than a day, maybe a bit more when vendoring wasn't already patched out - everyone else: Going to stay vulnerable basically forever, because devs aren't integrators
@dfad625e Isn't it CVE-2023-4863? (CVE-2023-41064 seems Apple-only, and a different bug).