Yes it does (but not directly).
WordPress > PHP ( GD or Imagick extension ) > libwebp
You should update your server OS package libwebp as a fix and then restart PHP (apache2 or php-fpm or whatever your PHP is running as)
If you are on shared/managed hosting, perhaps server system admins already did that for you.
to fix vulnerability libwebp only need to update package libwebp or better update php version? example from 8.2.3 to 8.2.11? which one better?
- Your question is not directly related to WordPress.
- Updating libwebp is usually enough, then restart all programs that are using it.
- It is always better to run latest PHP version in supported branch
Also note, there are some software that bundle their own libwebp or link it statically, this can include Windows Web stack (like OpenServer), LiteSpeed (which is using own build tree), binary programs supplied with some plugins (i.e. image optimization plugins), you have to track that programs yourself and check for newest version. This also goes for any Docker images that can contain and use libwebp
Most UNIX (and Linux) distributions already have updated their libwebp packages and most packages link to dynamic libraries, so updating the library and restart program using it is enough to fix.
I’m marking this topic as resolved as there is no direct issue with WordPress.