Security News > 2023 > September > Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

2023-09-27 05:23
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially
News URL
https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html
Related news
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
- Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Why CVSS is failing us and what we can do about it (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-25 | CVE-2023-5129 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. | 0.0 |