 CVE-2023-41064 is going to require patching everything that renders WebP images. Every browser/Electron apps/mobile apps like Telegram/Flutter apps/etc etc

Welcome to the modern software supply chain! 
 @dfad625e Patching dynamic libraries is not enough? Not every app is built statically, thanks, gods. 
 @dfad625e And as usual for supply chains:
- distros: Fixed for everyone in less than a day, maybe a bit more when vendoring wasn't already patched out
- everyone else: Going to stay vulnerable basically forever, because devs aren't integrators 
 @dfad625e Isn't it CVE-2023-4863? (CVE-2023-41064 seems Apple-only, and a different bug).