CVE-2023-4863 | Heap buffer overflow in WebP

  • Publication date: 2023-09-26
  • State: public
  • Description: The desktop client is based on Electron, which is itself based on Chromium. Chromium versions prior to 116.0.5845.190 are vulnerable to out-of-bounds memory access via crafted WebP images.
  • Affected versions: Windows and macOS Citadel desktop clients 7.8.0 and lower
  • Remediation: update the Citadel desktop client to version 09/14/2023-7.8.1 or higher; if the update is not launched automatically, it can be launched from the update menu.

 

CVE-2022-1293 | XSS vulnerability in Citadel

  • Publication date: 2022-04-13T09:42:00.000Z
  • State: public
  • Description: We have discovered a vulnerability that can affect the Citadel client. The embedded neutralization of script-related HTML tags could be bypassed under some additional conditions.
  • Affected versions: 7.1.1 and lower
  • Remediation: update to version 7.1.2 or higher
    • web client: just reload the page
    • desktop client: launch update from the menu