As many of you already know, the libwebp library has a security problem:
"allowing a remote attacker to perform an out of bounds memory write via a crafted HTML page."
Or to put it more clearly:
A manipulated WebP image could be used to execute malware code on your target system!
If you wonder whether Mp3tag is also affected (like many others listed in the above NIST-link, such as Mozilla Firefox and Thunderbird, MS Edge, Google Chrome and every other software using a libwebp library older than v1.3.2), the answer is:
No, Mp3tag is no longer affected since Mp3tag v3.22a.
If you are using WEBP cover pictures, please use an Mp3tag version newer than v3.22 from here:
The currently available Mp3tag development version is v3.22d.
And please don't forget to check for updates for your picture viewer tool or music playing software displaying .webp cover pictures.
If you would like to see a list of the more than 740 applications known so far to be affected, please have a look here or here.
The list includes some well-known software names like MS Teams, Skype and others using the Electron Framework.