CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Sep 28, 2023
Updated: May 4, 2025
CVE: CVE-2023-5217
GHSA: GHSA-qqvq-6xgj-jw8g
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
electron	-	22.3.25
electron	24.0.0	24.8.5
electron	25.0.0	25.8.4
electron	26.0.0	26.2.4
electron	27.0.0-alpha.1	27.0.0-beta.8
microsoft / edge	116.0.1938.98	116.0.1938.98.x
microsoft / edge	117.0.2045.47	117.0.2045.47.x
microsoft / edge_chromium	116.0.5845.229	116.0.5845.229.x
microsoft / edge_chromium	117.0.5938.132	117.0.5938.132.x
mozilla / firefox	-	118.1
mozilla / firefox	-	118.0.1
mozilla / thunderbird	-	115.3.1
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x
apple / iphone_os	17.0	17.0.3
apple / iphone_os	16.7	16.7.x
webmproject / libvpx	-	1.13.1
mozilla / firefox	-	115.3.1
apple / ipados	17.0	17.0.3
apple / ipados	16.7	16.7.x
google / chrome	-	117.0.5938.132
redhat / enterprise_linux	9.0	9.0.x

Vulnerability Database

289,599

CVE-2023-5217