Lucene search

CVE-2023-5217

🗓️ 28 Sep 2023 16:10:15Reported by ChromeType

cve🔗 web.nvd.nist.gov📰️ 63 Media mentions👁 778 Views🌐 WEB

Heap buffer overflow in vp8 encoding in libvpx in Google Chrom

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Malwarebytes	Update Chrome now! Google patches another actively exploited vulnerability	29 Sep 202311:15	–	malwarebytes
Malwarebytes	Update now! Apple patches vulnerabilities on iPhone and iPad	5 Oct 202305:00	–	malwarebytes
UbuntuCve	CVE-2023-5217	29 Sep 202300:00	–	ubuntucve
Tenable Nessus	Fedora 39 : libvpx (2023-10ff82e497)	7 Nov 202300:00	–	nessus
Tenable Nessus	Mozilla Firefox < 118.0.1	28 Sep 202300:00	–	nessus
Tenable Nessus	Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2023-273-02)	30 Sep 202300:00	–	nessus
Tenable Nessus	Fedora 38 : thunderbird (2023-1f5f7b9b92)	7 Oct 202300:00	–	nessus
Tenable Nessus	Debian dla-3591 : firefox-esr - security update	30 Sep 202300:00	–	nessus
Tenable Nessus	Mozilla Firefox < 118.0.1	28 Sep 202300:00	–	nessus
Tenable Nessus	Slackware Linux 15.0 / current libvpx Vulnerability (SSA:2023-273-01)	30 Sep 202300:00	–	nessus

Nvd

Vulners

Node

webmproject libvpxRange<1.13.1

Node

microsoft edgeMatch116.0.1938.98

microsoft edgeMatch117.0.2045.47

microsoft edge_chromiumMatch116.0.5845.229

microsoft edge_chromiumMatch117.0.5938.132

Node

mozilla firefoxRange<115.3.1esr

mozilla firefoxRange<118.0.1-

mozilla firefoxRange<118.1android

mozilla thunderbirdRange<115.3.1

Node

fedoraproject fedoraMatch37

fedoraproject fedoraMatch38

fedoraproject fedoraMatch39

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

debian debian_linuxMatch12.0

Node

apple ipadosRange17.0–17.0.3

apple ipadosMatch16.7

apple iphone_osRange17.0–17.0.3

apple iphone_osMatch16.7

Node

google chromeRange<117.0.5938.132

Node

redhat enterprise_linuxMatch9.0

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "117.0.5938.132",
        "status": "affected",
        "lessThan": "117.0.5938.132",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Google",
    "product": "libvpx",
    "versions": [
      {
        "version": "1.13.1",
        "status": "affected",
        "lessThan": "1.13.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
stackdiary	www.stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/
openwall	www.openwall.com/lists/oss-security/2023/09/30/5
openwall	www.openwall.com/lists/oss-security/2023/09/29/1
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/
pastebin	www.pastebin.com/TdkC4pDv
openwall	www.openwall.com/lists/oss-security/2023/09/29/14
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/
openwall	www.openwall.com/lists/oss-security/2023/09/28/6
openwall	www.openwall.com/lists/oss-security/2023/09/28/5

Parameter	Position	Path	Description	CWE
vp8	request body	/libvpx/vp8/encoder.c	Heap buffer overflow vulnerability in VP8 encoding allowing remote attackers to exploit heap corruption via a crafted HTML page.	CWE-787
HTML	request body	/libvpx/vp8/encoder.c	Heap buffer overflow vulnerability in VP8 encoding allowing remote attackers to exploit heap corruption via a crafted HTML page.	CWE-787

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Sep 2023 16:15Current

9.2High risk

Vulners AI Score9.2

CVSS38.8

EPSS0.01748