CVE-2023-4863

Updated: 2024-07-31 21:28:59.383174

Description:

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS Version | Severity | Score |
|---|---|---|
| 2.x | | 0 |
| 3.x | HIGH | 8.8 |

Known exploits

| Added Date | Description | Due Date | Notes |
|---|---|---|---|
| 2023-09-13 | Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec. | 2023-10-04 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
| CentOS 7 ELS | libwebp | 0.3.0 | 8.8 | HIGH | Not Vulnerable | | 2023-10-27 11:08:32 |
| CentOS 8.4 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2023:1696970233 | 2023-10-10 17:07:33 |
| CentOS 8.5 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2023:1696970439 | 2023-10-10 17:07:31 |
| CentOS Stream 8 ELS | libwebp | 1.0.0 | 8.8 | HIGH | Released | CLSA-2024:1717678054 | 2024-06-06 10:12:33 |
| CloudLinux 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
| CloudLinux 7 ELS | libwebp | 0.3.0 | 8.8 | HIGH | Not Vulnerable | | 2024-08-16 05:30:39 |
| Oracle Linux 6 ELS | libwebp | 0.4.3 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:21 |
| Ubuntu 16.04 ELS | libwebp | 0.4.4 | 8.8 | HIGH | Not Vulnerable | | 2023-10-03 14:07:28 |
| Ubuntu 18.04 ELS | libwebp | 0.6.1 | 8.8 | HIGH | Released | CLSA-2023:1697016696 | 2023-10-11 09:32:40 |

Statement

Not affected because the vulnerable code is absent.