FreeBSD58A738D4-57AF-11EE-8C58-B42E991FC52E

HistorySep 12, 2023 - 12:00 a.m.

libwebp heap buffer overflow

2023-09-1200:00:00

vuxml.freebsd.org

heap buffer overflow

google chrome

tor browser

libwebp

out of bounds memory write

chrome cve

geckoview

firefox

severity critical

unix

0.611 Medium

EPSS

Percentile

97.8%

JSON

[email protected] reports:

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write
via a crafted HTML page. (Chromium security severity: Critical)
The Tor browser is based on Firefox and GeckoView and uses also
libwep so it is affected by this bug.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtor-browser< 12.5.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	tor-browser	< 12.5.3	UNKNOWN

References

nvd.nist.gov/vuln/detail/CVE-2023-4863

nessus

Rocky Linux 8 : firefox (RLSA-2023:5184)

2023-09-19 00:00:00

Fedora 37 : libwebp (2023-3388038193)

2023-09-16 00:00:00

Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-358)

2023-10-03 00:00:00

oraclelinux

thunderbird security update

2023-09-19 00:00:00

libwebp security update

2023-09-19 00:00:00

libwebp security update

2023-09-20 00:00:00

kaspersky

KLA60569 DoS vulnerablity in Microsoft Browser

2023-09-12 00:00:00

KLA61312 DoS vulnerability in Opera

2023-09-13 00:00:00

attackerkb

CVE-2023-4863

2023-09-12 00:00:00

prion

Heap overflow

2023-09-12 15:15:00

github

Vulnerable version of libwebp and can be exploited with a malicious source image

2023-10-06 20:46:33

sharp vulnerability in libwebp dependency CVE-2023-4863

2023-11-16 17:14:15

Bundled libwebp in pywebp vulnerable

2023-10-06 16:59:22

cgr

CVE-2023-4863 vulnerabilities

2024-05-19 03:07:16

freebsd

graphics/webp heap buffer overflow

2023-09-12 00:00:00

openvas

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1280)

2024-03-12 00:00:00

openSUSE: Security Advisory for seamonkey (openSUSE-SU-2023:0278-1)

2024-03-04 00:00:00

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1014)

2024-01-05 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2023-09-14 02:32:34

[slackware-security] libwebp

2023-09-14 21:21:47

paloalto

Impact of libwebp Vulnerability CVE-2023-4863

2023-10-02 23:40:00

mageia

Updated libwebp packages fix a security vulnerability

2023-10-03 13:53:29

cve

CVE-2023-4863

2023-09-12 15:15:24

Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow

2024-02-20 00:00:00

fedora

[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39

2023-09-15 19:54:26

[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37

2023-09-16 01:41:44

[SECURITY] Fedora 39 Update: firefox-117.0.1-2.fc39

2023-09-17 00:15:26

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-09-21 05:22:51

Exploit for Out-of-bounds Write in Google Chrome

2024-02-03 12:27:37

osv

Important: libwebp security update

2023-09-20 00:00:00

libwebp - security update

2023-09-13 00:00:00

thunderbird - security update

2023-09-15 00:00:00

cvelist

CVE-2023-4863

2023-09-12 14:24:59

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

ics

Siemens Mendix Studio Pro

2023-11-16 12:00:00

mscve

Chromium: CVE-2023-4863 Heap buffer overflow in WebP

2023-09-12 07:00:47

redhat

(RHSA-2023:5222) Important: libwebp security update

2023-09-19 07:11:07

almalinux

Important: libwebp security update

2023-09-20 00:00:00

Important: libwebp security update

2023-09-19 00:00:00

Important: firefox security update

2023-09-18 00:00:00

ubuntu

libwebp vulnerability

2023-09-28 00:00:00

libwebp vulnerability

2023-09-14 00:00:00

redhatcve

CVE-2023-4863

2023-09-14 14:24:56

veracode

Heap Buffer Overflow

2023-09-19 21:25:54

debian

[SECURITY] [DSA 5498-1] thunderbird security update

2023-09-15 16:40:56

[SECURITY] [DSA 5496-1] firefox-esr security update

2023-09-13 20:46:32

[SECURITY] [DSA 5497-2] libwebp security update

2023-09-17 15:33:28

ubuntucve

CVE-2023-4863

2023-09-12 00:00:00

redos

ROS-20230920-03

2023-09-20 00:00:00

cisa_kev

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

2023-09-13 00:00:00

rocky

libwebp security update

2023-09-26 13:26:19

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

alpinelinux

CVE-2023-4863

2023-09-12 15:15:24

cloudfoundry

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

amazon

Important: qt5-qtimageformats

2023-11-09 19:19:00

debiancve

CVE-2023-4863

2023-09-12 15:15:24

wolfi

CVE-2023-4863 vulnerabilities

2024-06-01 15:24:07

libwebp heap buffer overflow

References

Related