Gentoo FoundationGLSA-202309-05

HistorySep 17, 2023 - 12:00 a.m.

WebP: Multiple vulnerabilities

2023-09-1700:00:00

Gentoo Foundation

security.gentoo.org

webp

image format

vulnerabilities

upgrade

0.68 Medium

EPSS

Percentile

97.9%

JSON

Background

WebP is an image format employing both lossy and lossless compression.

Description

Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details.

Impact

Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All WebP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/libwebp-1.3.1_p20230908"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/libwebp< 1.3.1_p20230908UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-libs/libwebp	< 1.3.1_p20230908	UNKNOWN

nessus 72

hivepro 1

debiancve 1

ibm 2

debian 5

cloudfoundry 1

github 4

almalinux 5

alpinelinux 1

osv 21

openvas 44

amazon 1

wolfi 1

oraclelinux 8

kaspersky 2

prion 1

attackerkb 1

paloalto 1

mageia 1

slackware 2

fedora 3

freebsd 1

hp 1

githubexploit 2

cgr 1

cvelist 1

cve 1

gitlab 2

ics 1

redhatcve 1

ubuntu 2

redhat 1

mscve 1

veracode 1

ubuntucve 1

redos 1

cisa_kev 1

cbl_mariner 1

rocky 1

nessus

GLSA-202309-05 : WebP: Multiple vulnerabilities

2023-09-17 00:00:00

EulerOS 2.0 SP11 : libwebp (EulerOS-SA-2023-3248)

2024-01-16 00:00:00

FreeBSD : graphics/webp heap buffer overflow (4fd7a2fc-5860-11ee-a1b3-dca632daf43b)

2023-09-21 00:00:00

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

debiancve

CVE-2023-4863

2023-09-12 15:15:24

ibm

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

debian

[SECURITY] [DLA 3569-1] thunderbird security update

2023-09-17 09:42:58

[SECURITY] [DSA 5497-1] libwebp security update

2023-09-13 21:07:56

[SECURITY] [DSA 5496-1] firefox-esr security update

2023-09-13 20:46:32

cloudfoundry

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

github

libwebp: OOB write in BuildHuffmanTable

2023-09-12 15:30:20

Vulnerable version of libwebp and can be exploited with a malicious source image

2023-10-06 20:46:33

sharp vulnerability in libwebp dependency CVE-2023-4863

2023-11-16 17:14:15

almalinux

Important: thunderbird security update

2023-09-19 00:00:00

Important: libwebp security update

2023-09-20 00:00:00

Important: firefox security update

2023-09-18 00:00:00

alpinelinux

CVE-2023-4863

2023-09-12 15:15:24

osv

thunderbird - security update

2023-09-17 00:00:00

PYSEC-2023-184

2023-09-29 21:31:48

Important: libwebp security update

2023-09-26 13:26:19

openvas

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0246-1)

2024-03-04 00:00:00

Ubuntu: Security Advisory (USN-6369-1)

2023-09-15 00:00:00

Slackware: Security Advisory (SSA:2023-257-01)

2023-09-15 00:00:00

amazon

Important: qt5-qtimageformats

2023-11-09 19:19:00

wolfi

CVE-2023-4863 vulnerabilities

2024-05-17 21:08:03

oraclelinux

libwebp security update

2023-09-20 00:00:00

firefox security update

2023-09-19 00:00:00

thunderbird security update

2023-09-19 00:00:00

kaspersky

KLA60569 DoS vulnerablity in Microsoft Browser

2023-09-12 00:00:00

KLA61312 DoS vulnerability in Opera

2023-09-13 00:00:00

prion

Heap overflow

2023-09-12 15:15:00

attackerkb

CVE-2023-4863

2023-09-12 00:00:00

paloalto

Impact of libwebp Vulnerability CVE-2023-4863

2023-10-02 23:40:00

mageia

Updated libwebp packages fix a security vulnerability

2023-10-03 13:53:29

slackware

[slackware-security] mozilla-thunderbird

2023-09-14 02:32:34

[slackware-security] libwebp

2023-09-14 21:21:47

fedora

[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39

2023-09-15 19:54:26

[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37

2023-09-16 01:41:44

[SECURITY] Fedora 39 Update: firefox-117.0.1-2.fc39

2023-09-17 00:15:26

freebsd

graphics/webp heap buffer overflow

2023-09-12 00:00:00

Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow

2024-02-20 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-09-21 05:22:51

Exploit for Out-of-bounds Write in Google Chrome

2024-02-03 12:27:37

cgr

CVE-2023-4863 vulnerabilities

2024-05-17 15:41:37

cvelist

CVE-2023-4863

2023-09-12 14:24:59

cve

CVE-2023-4863

2023-09-12 15:15:24

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

ics

Siemens Mendix Studio Pro

2023-11-16 12:00:00

redhatcve

CVE-2023-4863

2023-09-14 14:24:56

ubuntu

libwebp vulnerability

2023-09-14 00:00:00

libwebp vulnerability

2023-09-28 00:00:00

redhat

(RHSA-2023:5222) Important: libwebp security update

2023-09-19 07:11:07

mscve

Chromium: CVE-2023-4863 Heap buffer overflow in WebP

2023-09-12 07:00:47

veracode

Heap Buffer Overflow

2023-09-19 21:25:54

ubuntucve

CVE-2023-4863

2023-09-12 00:00:00

redos

ROS-20230920-03

2023-09-20 00:00:00

cisa_kev

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

2023-09-13 00:00:00

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

rocky

libwebp security update

2023-09-26 13:26:19

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.68 Medium

EPSS

Percentile

97.9%

JSON

Related for GLSA-202309-05