CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Published: Sep 12, 2023
Updated: May 9, 2024
CVE: CVE-2023-4863
GHSA: GHSA-j7hp-h8jx-5ppr
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
libwebp-sys2	-	0.1.8
libwebp-sys	-	0.9.3
electron	22.0.0	22.3.24
electron	24.0.0	24.8.3
electron	25.0.0	25.8.1
electron	26.0.0	26.2.1
electron	27.0.0-beta.1	27.0.0-beta.2
google / chrome	-	116.0.5845.187
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x
mozilla / firefox	-	117.0.1
mozilla / thunderbird	-	102.15.1
mozilla / thunderbird	115.0	115.2.2
webmproject / libwebp	-	1.3.2
SkiaSharp	2.0.0	2.88.6
github.com/chai2010/webp	1.0.0	-
Pillow	-	10.0.1
webp	-	0.2.6
magick.net-q16-anycpu	-	13.3.0
magick.net-q16-hdri-anycpu	-	13.3.0
magick.net-q16-x64	-	13.3.0
magick.net-q8-anycpu	-	13.3.0
magick.net-q8-openmp-x64	-	13.3.0
magick.net-q8-x64	-	13.3.0
bentley / seequent_leapfrog	-	2023.2
mozilla / firefox	-	102.15.1
mozilla / firefox	115.1.0	115.2.1
microsoft / webp_image_extension	-	1.0.62681.0
microsoft / teams	-	1.6.00.26463
microsoft / teams	-	1.6.00.26474
microsoft / edge_chromium	-	116.0.1938.81
bandisoft / honeyview	-	5.51

Vulnerability Database

289,599

CVE-2023-4863