CefSharp affected by libvpx's heap buffer overflow in vp8 encoding

Google is aware that an exploit for CVE-2023-5217 exists in the wild.

Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

https://www.cve.org/CVERecord?id=CVE-2023-5217
https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Published: Oct 5, 2023
Updated: Oct 6, 2023
GHSA: GHSA-4c29-gfrp-g6x9
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
CefSharp.Common	-	117.2.20
CefSharp.Common.NETCore	-	117.2.20

https://github.com/cefsharp/CefSharp/commit/45e66f7c0f9094f2fd81ab57b37a9ed9576b51b8
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-4c29-gfrp-g6x9

Vulnerability Database

CefSharp affected by libvpx's heap buffer overflow in vp8 encoding