GitHub Advisory Database: GHSA-4C29-GFRP-G6X9
History: Oct 05, 2023 - 1:22 p.m.

CefSharp affected by libvpx's heap buffer overflow in vp8 encoding

2023-10-05 13:22:50
GitHub Advisory Database
github.com
Tags: cefsharp, google chrome, heap buffer overflow, vp8 encoding, cve-2023-5217, exploit, heap corruption, html page, chromium, security severity, high, libvpx, software

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.248
Percentile: 96.7%

Google is aware that an exploit for CVE-2023-5217 exists in the wild.

Description
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected configurations (Vulners)

cefsharp.common.netcore, range <117.2.20
OR
cefsharp.common, range <117.2.20
