CVE

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Back to all

CVE

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Related Resources

No items found.

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?fieldcve=CVE-2023-4863, https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/, https://blog.isosceles.com/the-webp-0day/, https://bugzilla.suse.com/showbug.cgi?id=1215231, https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html, https://crbug.com/1479274, https://en.bandisoft.com/honeyview/history/, https://github.com/webmproject/libwebp/releases/tag/v1.3.2, https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html, https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html, https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863, https://news.ycombinator.com/item?id=37478403, https://security-tracker.debian.org/tracker/CVE-2023-4863, https://security.gentoo.org/glsa/202309-05, https://security.gentoo.org/glsa/202401-10, https://security.netapp.com/advisory/ntap-20230929-0011/, https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/, https://www.bentley.com/advisories/be-2023-0001/, https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/, https://www.debian.org/security/2023/dsa-5498, https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/, https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863, https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a, http://www.openwall.com/lists/oss-security/2023/09/21/4, http://www.openwall.com/lists/oss-security/2023/09/22/1, http://www.openwall.com/lists/oss-security/2023/09/22/3, http://www.openwall.com/lists/oss-security/2023/09/22/4, http://www.openwall.com/lists/oss-security/2023/09/22/5, http://www.openwall.com/lists/oss-security/2023/09/22/6, http://www.openwall.com/lists/oss-security/2023/09/22/7, http://www.openwall.com/lists/oss-security/2023/09/22/8, http://www.openwall.com/lists/oss-security/2023/09/26/1, http://www.openwall.com/lists/oss-security/2023/09/26/7, http://www.openwall.com/lists/oss-security/2023/09/28/1, http://www.openwall.com/lists/oss-security/2023/09/28/2, http://www.openwall.com/lists/oss-security/2023/09/28/4, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/, https://www.debian.org/security/2023/dsa-5496, https://www.debian.org/security/2023/dsa-5497, https://sethmlarson.dev/security-developer-in-residence-weekly-report-16

Severity

10

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.94083%

EPSS Percentile

0.999%

Introduced Version

0,0.1.0

Fix Available

ca332209cb5567c9b249c86788cb2dbf8847e760,0.1.8,0.9.3,0:102.15.1-1.el7_9,0:102.15.1-1.el8_8,0:1.0.0-8.el8_8.1,0:102.15.1-1.el9_2,0:1.2.0-7.el9_2,117.0.5938.62-1,102.15.1esr-1~deb12u1,1.2.4-0.2+deb12u1,1:102.15.1-1~deb12u1,102.15.1esr-1~deb11u1,0.6.1-2.1+deb11u2,1:102.15.1-1~deb11u1,115.2.1esr-1,1.2.4-0.3,1:115.2.2-1,0:1.2.4-0.2ubuntu1,1:115.2.3+build1-0ubuntu1,0:0.6.1-2ubuntu0.18.04.2+esm1,0:0.6.1-2ubuntu0.20.04.3,0:117.0.1+build2-0ubuntu0.20.04.1,1:102.15.1+build1-0ubuntu0.20.04.1,0:1.2.2-2ubuntu0.22.04.2,1:102.15.1+build1-0ubuntu0.22.04.1,1.3.2,1.3.1-r1,116.0.5845.187-r0,115.2.1-r0,5.15.10_git20230612-r1,5.15.15-r1,1.2.4-r3,1.2.3-r2,1.2.2-r2,5.15.9_git20230407-r2,5.15.13-r7,0:102.15.1-1.0.1.el8_8,0:102.15.1-1.0.1.el7_9,0:102.15.1-1.0.1.el9_2,0:1.2.0-3.amzn2.0.2,0:102.15.1-1.amzn2.0.1,0:5.9.2-1.amzn2.0.3,0:1.2.4-1.amzn2023.0.6

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2023-4863

CVE-2023-4863

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

10

Basic Information

Fix Critical Vulnerabilities Instantly