Libwebp Vulnerability

Describe the issue or problem
Just wondering if this vulnerability is effecting our OJS.

Steps I took leading up to the issue
I heard it from a colleague and web search.

What application are you using?
OJS 3.3.0-14.

Additional information
I hope you don’t mind I asked. Thanks!

Hi @dung,

There are one or two image manipulation operations performed within PKP software – e.g. creation of thumbnails of various sizes when cover images are uploaded to submissions. It’s very unlikely that these could be abused but I suppose it’s possible. I wouldn’t lose sleep over it, but updating the underlying tools on the server is the best way to mitigate any risk; these libraries aren’t bundled with OJS itself.

Alec Smecher
Public Knowledge Project Team

1 Like