CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

https://www.cve.org/CVERecord?id=CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Published: Sep 21, 2023
Updated: Sep 22, 2023
GHSA: GHSA-j646-gj5p-p45g
Severity: Critical
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
CefSharp.Common	-	116.0.230
CefSharp.Common.NETCore	-	116.0.230

https://github.com/cefsharp/CefSharp/commit/f2890ba66170afb0bf742839febe4d20449f758c
https://github.com/cefsharp/CefSharp/releases/tag/v116.0.230
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-j646-gj5p-p45g

Vulnerability Database

CefSharp affected by heap buffer overflow in WebP

Description

References

Deep Security Visibility Without the Complexity