[chore]: Bump golang.org/x/image from 0.14.0 to 0.15.0 (#2506)

Bumps [golang.org/x/image](https://github.com/golang/image) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/image/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/vendor/golang.org/x/image/webp/decode.go b/vendor/golang.org/x/image/webp/decode.go
index d6eefd596..e211c7d57 100644
--- a/vendor/golang.org/x/image/webp/decode.go
+++ b/vendor/golang.org/x/image/webp/decode.go
@@ -39,6 +39,7 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
 		alpha          []byte
 		alphaStride    int
 		wantAlpha      bool
+		seenVP8X       bool
 		widthMinusOne  uint32
 		heightMinusOne uint32
 		buf            [10]byte
@@ -113,6 +114,10 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
 			return m, image.Config{}, err
 
 		case fccVP8X:
+			if seenVP8X {
+				return nil, image.Config{}, errInvalidFormat
+			}
+			seenVP8X = true
 			if chunkLen != 10 {
 				return nil, image.Config{}, errInvalidFormat
 			}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8bd0cfa10..6ec48a1f9 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -869,7 +869,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/slices
-# golang.org/x/image v0.14.0
+# golang.org/x/image v0.15.0
 ## explicit; go 1.18
 golang.org/x/image/bmp
 golang.org/x/image/ccitt