CVE-2023-4863 fixed version
- libwebp 1.3.2 updated in previous v2.4
- Add an option for static webp decoder in library to workaround CVE-2023-4863 in android framework
WebpBitmapFactory.sUseSystemDecoder = false; // disable system decoder global first
Transformation<Bitmap> circleCrop = new CircleCrop();
GlideApp.with(mContext)
.load(url)
.optionalTransform(circleCrop)
.optionalTransform(WebpDrawable.class, new WebpDrawableTransformation(circleCrop))
.set(WebpDownsampler.USE_SYSTEM_DECODER, false) // disable system decoder for each request
.into(imageView);