Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Oct 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Oct 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Sep 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
27 Sep 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Sep 2023, 17:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:* | |
First Time |
Webmproject
Webmproject libwebp |
18 Sep 2023, 17:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Mozilla firefox Esr
Mozilla firefox Microsoft Fedoraproject fedora Debian debian Linux Fedoraproject Google chrome Debian Mozilla Mozilla thunderbird Microsoft edge |
|
References |
|
|
References | (MISC) https://crbug.com/1479274 - Issue Tracking, Permissions Required, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ - Third Party Advisory | |
References | (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1215231 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 - Patch, Vendor Advisory | |
References | (MISC) https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html - Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a - Patch | |
References | (MISC) https://en.bandisoft.com/honeyview/history/ - Release Notes, Third Party Advisory | |
References | (MISC) https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ - Exploit, Third Party Advisory | |
References | (MISC) https://news.ycombinator.com/item?id=37478403 - Exploit, Third Party Advisory | |
References | (MISC) https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/ - Third Party Advisory | |
References | (MISC) https://security-tracker.debian.org/tracker/CVE-2023-4863 - Issue Tracking, Third Party Advisory |
13 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Sep 2023, 19:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 15:15
Updated : 2024-01-07 11:15
NVD link : CVE-2023-4863
Mitre link : CVE-2023-4863
CVE.ORG link : CVE-2023-4863
JSON object : View
Products Affected
microsoft
- edge
mozilla
- thunderbird
- firefox
- firefox_esr
debian
- debian_linux
- chrome
webmproject
- libwebp
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write