Google has assigned a new CVE number to a serious security hole in libwebp, the image library used to render images in the WebP format, and the flaw is being actively exploited in the wild. Tracked as CVE-2023-5129, it has received the maximum CVSS severity score of 10.0 and is described as a problem in the Huffman coding algorithm.
A specially crafted WebP lossless file may cause libwebp to write data out of bounds on the heap. The ReadHuffmanCodes() function sizes the HuffmanCode buffer from kTableSize, an array of precomputed sizes, and the color_cache_bits value selects which size is used. The kTableSize array accounts only for the sizes of 8-bit first-level lookup tables; second-level lookup tables are not accounted for.
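The sizing gap described above, as an added example in C (not libwebp's code): it computes how many entries a two-level Huffman lookup table needs for a given set of code lengths, and checks that figure against a preallocated capacity before anything is written. The names `required_entries`, `table_fits`, `next_table_bits`, `MAX_LEN` and `kSample` are hypothetical, and the sketch assumes canonical prefix codes of at most 15 bits that must be complete.

```c
#include <stddef.h>

#define MAX_LEN 15 /* longest accepted code length (assumption of this sketch) */

/* Constructed sample: lengths 1..8 once each, plus two 9-bit codes. */
const unsigned char kSample[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 9};

/* Width in bits of the second-level table opened by a code of length len. */
static int next_table_bits(const int *count, int len, int root_bits) {
  long left = 1L << (len - root_bits);
  for (; len < MAX_LEN; ++len, left <<= 1) {
    left -= count[len];
    if (left <= 0) break;
  }
  return len - root_bits;
}

/* Entries a two-level table needs: first level (1 << root_bits) plus every
 * second-level table. Returns 0 if lengths are out of range or not complete. */
size_t required_entries(const unsigned char *lens, size_t n, int root_bits) {
  int count[MAX_LEN + 1] = {0}, cur_bits = 0;
  long left = 1, slots = 0;
  size_t total = (size_t)1 << root_bits;
  for (size_t i = 0; i < n; ++i) {
    if (lens[i] > MAX_LEN) return 0;
    ++count[lens[i]];
  }
  for (int len = 1; len <= MAX_LEN; ++len) { /* Kraft sum must come out exact */
    left = (left << 1) - count[len];
    if (left < 0) return 0;
  }
  if (left != 0) return 0;
  for (int len = root_bits + 1; len <= MAX_LEN; ++len) {
    for (; count[len] > 0; --count[len]) {
      if (slots == 0) { /* previous sub-table is full: open a new one */
        cur_bits = next_table_bits(count, len, root_bits);
        slots = 1L << cur_bits;
        total += (size_t)slots;
      }
      slots -= 1L << (cur_bits - (len - root_bits));
    }
  }
  return total;
}

/* Check to run before filling a preallocated table of `capacity` entries. */
int table_fits(const unsigned char *lens, size_t n, int root_bits, size_t capacity) {
  size_t need = required_entries(lens, n, root_bits);
  return need != 0 && need <= capacity;
}
```

With an 8-bit first level, `kSample` needs 258 entries, so a buffer sized for the first-level table alone (256) fails `table_fits` and the decoder should reject the input or allocate the computed size.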