Updated: 2024-07-31 21:28:59.383174
Description:
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS Version | Severity | Score |
---|---|---|
CVSS Version 2.x | | 0 |
CVSS Version 3.x | HIGH | 8.8 |
Added Date | Description | Due Date | Notes |
---|---|---|---|
2023-09-13 | Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec. | 2023-10-04 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
CentOS 7 ELS | libwebp | 0.3.0 | 8.8 | HIGH | Not Vulnerable | | 2023-10-27 11:08:32 |
CentOS 8.4 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2023:1696970233 | 2023-10-10 17:07:33 |
CentOS 8.5 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2023:1696970439 | 2023-10-10 17:07:31 |
CentOS Stream 8 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2024:1717678054 | 2024-06-06 10:12:33 |
CloudLinux 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
CloudLinux 7 ELS | libwebp | 0.3.0 | 8.8 | HIGH | Not Vulnerable | | 2024-08-16 05:30:39 |
Oracle Linux 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
Ubuntu 16.04 ELS | libwebp | 0.4.4 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:28 |
Ubuntu 18.04 ELS | libwebp | 0.6.1 | 8.8 | HIGH | Released | CLSA-2023:1697016696 | 2023-10-11 09:32:40 |
Not affected because the vulnerable code is absent.