Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-5129HistorySep 25, 2023 - 9:15 p.m.
CVE-2023-5129
2023-09-2521:15:00
Debian Security Bug Tracker
security-tracker.debian.org
15
0.0004 Low
EPSS
Percentile
12.5%
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.
The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.
The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libwebp | < 1.2.4-0.2+deb12u1 | libwebp_1.2.4-0.2+deb12u1_all.deb |
| Debian | 11 | all | libwebp | < 0.6.1-2.1+deb11u2 | libwebp_0.6.1-2.1+deb11u2_all.deb |
| Debian | 10 | all | libwebp | < 0.6.1-2+deb10u3 | libwebp_0.6.1-2+deb10u3_all.deb |
| Debian | 999 | all | libwebp | < 1.2.4-0.3 | libwebp_1.2.4-0.3_all.deb |
Related
openvas
openvas
Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)
2023-10-16 00:00:00
Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)
2023-10-01 00:00:00
Fedora: Security Advisory for firefox (FEDORA-2023-09ec498a2a)
2023-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: firefox-118.0.1-4.fc38
2023-10-06 01:31:45
[SECURITY] Fedora 37 Update: firefox-118.0.1-7.fc37
2023-10-10 01:33:42
[SECURITY] Fedora 38 Update: libwebp-1.3.2-2.fc38
2023-09-30 03:35:49
redos
redos
ROS-20240404-15
2024-04-04 00:00:00
nessus
nessus
Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-355)
2023-10-03 00:00:00
Rocky Linux 9 : libwebp (RLSA-2023:5214)
2023-10-06 00:00:00
RHEL 9 : libwebp (RHSA-2023:5204)
2023-09-18 00:00:00
cnvd
cnvd
Google libwebp open source library remote code execution vulnerability
2023-09-27 00:00:00
github
github
Bundled libwebp in imagecodecs vulnerable
2023-10-05 00:07:46
Bundled libwebp in Pillow vulnerable
2023-10-05 00:06:58
redhat
redhat
(RHSA-2023:5309) Important: libwebp security update
2023-09-20 06:41:26
(RHSA-2023:5204) Important: libwebp security update
2023-09-18 15:04:13
(RHSA-2023:5202) Important: thunderbird security update
2023-09-18 14:01:39
redhatcve
redhatcve
CVE-2023-5129
2023-09-27 17:55:08
osv
osv
Important: thunderbird security update
2023-10-06 22:57:16
CVE-2023-4863
2023-09-12 15:15:24
Important: libwebp security update
2023-10-06 22:58:06
alpinelinux
alpinelinux
CVE-2023-5129
2023-09-25 21:15:16
ubuntucve
ubuntucve
CVE-2023-5129
2023-09-25 00:00:00
kaspersky
kaspersky
KLA60726 DoS vulnerability in Mozilla Firefox ESR
2023-09-12 00:00:00
KLA60725 DoS vulnerability in Mozilla Thunderbird
2023-09-12 00:00:00
KLA60727 DoS vulnerability in Mozilla Firefox
2023-09-12 00:00:00
attackerkb
attackerkb
CVE-2023-5129
2023-09-25 00:00:00
mozilla
mozilla
f5
f5
K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129
2023-09-29 00:00:00
rocky
rocky
libwebp security update
2023-10-06 22:58:06
thunderbird security update
2023-10-06 22:57:16
cve
cve
CVE-2023-5129
2023-09-25 21:15:16
prion
prion
Open redirect
2023-09-25 21:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0657
2023-09-28 00:00:00
talosblog
talosblog
The security pitfalls of social media sites offering ID-based authentication
2023-09-28 18:00:11
thn
thn
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2024-01-07 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2023-12-18 18:02:34