Sonar and libwebp

Hey there.

We wanted to proactively address the newly reported libwebp vulnerabilities (CVE-2023-4863 and CVE-2023-5129) – our research has so far indicated that none of our products are impacted.

While NIST has deemed CVE-2023-5129 as a duplicate of CVE-2023-4863, we will continue to monitor the situation for both.

We will provide additional updates in this thread, should the impact change.