CVE-2026-3707 | MrNanko webp4j up to 1.3.x src/main/c/gif_decoder.c DecodeGifFromMemory canvas_height integer overflow

Inserito da Angelo Barbosa | Mar 7, 2026 | CVE

A vulnerability, which was classified as critical, was found in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow.

This vulnerability is uniquely identified as CVE-2026-3707. Local access is required to approach this attack. Moreover, an exploit is present.

It is advisable to implement a patch to correct this issue.

CVE-2026-3707 | MrNanko webp4j up to 1.3.x src/main/c/gif_decoder.c DecodeGifFromMemory canvas_height integer overflow

Post correlati

CVE-2024-24062 | springboot-manager 1.6 /sys/role cross site scripting

CVE-2024-20284 | Cisco NX-OS up to 7.3(11)N1(1a) Python Interpreter protection mechanism (cisco-sa-nxos-psbe-ce-YvbTn5du)

CVE-2023-47033 | MultiSigWallet 0xF0C99 executeTransaction Privilege Escalation

CVE-2025-1435 | johnjamesjacoby bbPress Plugin up to 2.6.11 on WordPress bbp_user_add_role_on_register cross-site request forgery