Does CVE-2023-4863 affect the Aspose family of products? If so, when do you intend providing an update? Thanks for any info. NVD - CVE-2023-4863. This was thought to be chrome only, but now it has been found that any products utilising libwebp are affected.
We have opened the following new ticket in our internal issue tracking system To check whether Aspose.Words is affected by this vulnerability.
Issue ID(s): WORDSNET-26016
We will keep you updated and let you know the result.
Regarding Aspose.Cells, we have opened the following new ticket in our internal issue tracking system to investigate whether Aspose.Cells is affected by this vulnerability.
Issue ID(s): CELLSNET-54320
Once we have an update on it, we will let you know here.
Thanks. Also please consider dependencies such as SkiaSharp that has been affected by the same or similar vulnerability.
For Aspose.Cells, please see/follow up the thread for your reference.
Updating SkiaSharp will work for .Net Core version but what about .Net Framework version? How to fix that?
Aspose.Cells does not use SkiaSharp for common .NET framework versions. Instead, it uses System.Drawing.Common for rendering graphics.
Oh yes sorry I just read that in the doco. Cheers!
A post was split to a new topic: CVE-2023-4863 - Aspose.PDF
We are pleased to inform you that your issue (logged earlier as “CELLSNET-54320”) has been resolved. We have updated version of SkiaSharp to 2.88.6 for CVE-2023-4863 vulnerability. The enhancement will be included in our upcoming release (Aspose.Cells v23.10) that we plan to release in the next week or so. You will be notified when the new version is published.
The issues you have found earlier (filed as CELLSNET-54320) have been fixed in this update. This message was posted using Bugs notification tool by johnson.shi
Can I get the update for Aspose.Words as SkiaSharp is also part of aspose.words. We want the skiasharp 2.88.6 version for Aspose.Words package.
@faryal.tanveer We already updated
SkiaSharp version in the current codebase and the next 23.11 version of Aspose.Words will use the fixed version. We will be sure to let you know once it is released.