VulnerableCode Package Details - pkg:conan/libwebp@1.3.1

Search for packages

Package details: pkg:conan/libwebp@1.3.1

Essentials
History (2)

purl	pkg:conan/libwebp@1.3.1

Next non-vulnerable version	1.3.2
Latest non-vulnerable version	1.3.2
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-pe8x-79nr-3qg4 Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr	Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129.	1.3.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-nr5n-zkwn-gqdb	A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.	CVE-2023-1999

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T11:19:53.528249+00:00	GitLab Importer	Affected by	VCID-pe8x-79nr-3qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libwebp/CVE-2023-4863.yml	37.0.0
2025-07-31T09:29:22.204910+00:00	GitLab Importer	Fixing	VCID-nr5n-zkwn-gqdb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libwebp/CVE-2023-1999.yml	37.0.0