Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833751HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for libwebp (SUSE-SU-2023:3829-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
4
opensuse leap 15.4
libwebp
heap buffer overflow
cve-2023-4863
security update
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.609 Medium
EPSS
Percentile
97.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833751");
script_version("2024-05-16T05:05:35+0000");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2023-4863");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-18 17:48:44 +0000 (Mon, 18 Sep 2023)");
script_tag(name:"creation_date", value:"2024-03-04 08:01:00 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for libwebp (SUSE-SU-2023:3829-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.4");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3829-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/JTCX7FZZEIOI7O3N2SHAH6Y7PVBSJ4XX");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libwebp'
package(s) announced via the SUSE-SU-2023:3829-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for libwebp fixes the following issues:
* CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231).
##");
script_tag(name:"affected", value:"'libwebp' package(s) on openSUSE Leap 15.4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-debuginfo", rpm:"libwebpdecoder2-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2", rpm:"libwebpdecoder2~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2", rpm:"libwebpmux2~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0", rpm:"libwebpextras0~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6", rpm:"libwebp6~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-debuginfo", rpm:"libwebpmux2-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-debuginfo", rpm:"libwebp6-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-debuginfo", rpm:"libwebpextras0-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-32bit", rpm:"libwebp6-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-32bit", rpm:"libwebpextras0-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-32bit-debuginfo", rpm:"libwebpdecoder2-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-32bit-debuginfo", rpm:"libwebp6-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-32bit-debuginfo", rpm:"libwebpextras0-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-32bit", rpm:"libwebpdecoder2-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-32bit-debuginfo", rpm:"libwebpmux2-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-32bit", rpm:"libwebpmux2-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-debuginfo", rpm:"libwebpdecoder2-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2", rpm:"libwebpdecoder2~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2", rpm:"libwebpmux2~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0", rpm:"libwebpextras0~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6", rpm:"libwebp6~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-debuginfo", rpm:"libwebpmux2-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-debuginfo", rpm:"libwebp6-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-debuginfo", rpm:"libwebpextras0-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-32bit", rpm:"libwebp6-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-32bit", rpm:"libwebpextras0-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-32bit-debuginfo", rpm:"libwebpdecoder2-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebp6-32bit-debuginfo", rpm:"libwebp6-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpextras0-32bit-debuginfo", rpm:"libwebpextras0-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpdecoder2-32bit", rpm:"libwebpdecoder2-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-32bit-debuginfo", rpm:"libwebpmux2-32bit-debuginfo~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebpmux2-32bit", rpm:"libwebpmux2-32bit~0.5.0~150000.3.14.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
kaspersky
kaspersky
KLA60569 DoS vulnerablity in Microsoft Browser
2023-09-12 00:00:00
KLA61312 DoS vulnerability in Opera
2023-09-13 00:00:00
KLA60003 DoS vulnerability in Google Chrome
2023-09-11 00:00:00
osv
osv
libwebp - security update
2023-09-13 00:00:00
thunderbird - security update
2023-09-15 00:00:00
firefox-esr - security update
2023-09-16 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-09-14 02:32:34
[slackware-security] seamonkey
2023-09-21 19:43:16
[slackware-security] libwebp
2023-09-14 21:21:47
nessus
nessus
Mozilla Firefox ESR < 102.15.1
2023-09-13 00:00:00
Debian DSA-5497-1 : libwebp - security update
2023-09-14 00:00:00
Mozilla Firefox ESR < 102.15.1
2023-09-13 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39
2023-09-15 19:54:26
[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37
2023-09-16 01:41:44
[SECURITY] Fedora 39 Update: firefox-117.0.1-2.fc39
2023-09-17 00:15:26
attackerkb
attackerkb
CVE-2023-4863
2023-09-12 00:00:00
freebsd
freebsd
graphics/webp heap buffer overflow
2023-09-12 00:00:00
libwebp heap buffer overflow
2023-09-12 00:00:00
prion
prion
Heap overflow
2023-09-12 15:15:00
paloalto
paloalto
Impact of libwebp Vulnerability CVE-2023-4863
2023-10-02 23:40:00
github
github
libwebp: OOB write in BuildHuffmanTable
2023-09-12 15:30:20
mageia
mageia
Updated libwebp packages fix a security vulnerability
2023-10-03 13:53:29
cgr
cgr
CVE-2023-4863 vulnerabilities
2024-05-19 03:07:16
oraclelinux
oraclelinux
thunderbird security update
2023-09-19 00:00:00
firefox security update
2023-09-19 00:00:00
libwebp security update
2023-09-20 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Google Chrome
2023-09-21 05:22:51
Exploit for Out-of-bounds Write in Google Chrome
2023-11-11 06:51:03
Exploit for Out-of-bounds Write in Google Chrome
2023-09-25 10:33:09
openvas
openvas
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1014)
2024-01-05 00:00:00
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1280)
2024-03-12 00:00:00
openSUSE: Security Advisory for seamonkey (openSUSE-SU-2023:0278-1)
2024-03-04 00:00:00
hp
hp
cvelist
cvelist
CVE-2023-4863
2023-09-12 14:24:59
nvd
nvd
CVE-2023-4863
2023-09-12 15:15:24
cve
cve
CVE-2023-4863
2023-09-12 15:15:24
debian
debian
[SECURITY] [DLA 3569-1] thunderbird security update
2023-09-17 09:42:33
[SECURITY] [DSA 5497-1] libwebp security update
2023-09-13 21:07:56
[SECURITY] [DLA 3570-1] libwebp security update
2023-09-18 12:07:01
alpinelinux
alpinelinux
CVE-2023-4863
2023-09-12 15:15:24
hivepro
hivepro
Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly
2023-09-12 13:05:09
debiancve
debiancve
CVE-2023-4863
2023-09-12 15:15:24
almalinux
almalinux
Important: thunderbird security update
2023-09-19 00:00:00
Important: firefox security update
2023-09-18 00:00:00
Important: libwebp security update
2023-09-20 00:00:00
cloudfoundry
cloudfoundry
USN-6369-1: libwebp vulnerability | Cloud Foundry
2023-10-12 00:00:00
| Cloud Foundry
2023-10-05 00:00:00
ibm
ibm
amazon
amazon
Important: qt5-qtimageformats
2023-11-09 19:19:00
Important: thunderbird
2023-10-12 15:08:00
Important: libwebp12
2023-10-12 15:08:00
wolfi
wolfi
CVE-2023-4863 vulnerabilities
2024-06-29 09:08:33
chrome
chrome
Stable Channel Update for Desktop
2023-09-11 00:00:00
thn
thn
ubuntu
ubuntu
Firefox vulnerability
2023-09-14 00:00:00
libwebp vulnerability
2023-09-28 00:00:00
veracode
veracode
Heap Buffer Overflow
2023-09-15 13:45:13
Heap Buffer Overflow
2023-09-19 21:25:54
rocky
rocky
firefox security update
2023-09-19 12:09:00
cnvd
cnvd
Google Chrome Buffer Overflow Vulnerability (CNVD-2023-71680)
2023-09-15 00:00:00
ubuntucve
ubuntucve
CVE-2023-4863
2023-09-12 00:00:00
mscve
mscve
Chromium: CVE-2023-4863 Heap buffer overflow in WebP
2023-09-12 07:00:47
redhatcve
redhatcve
CVE-2023-4863
2023-09-14 14:24:56
gitlab
gitlab
CefSharp affected by heap buffer overflow in WebP
2023-09-21 00:00:00
redhat
redhat
(RHSA-2023:5222) Important: libwebp security update
2023-09-19 07:11:07
ics
ics
Siemens Mendix Studio Pro
2023-11-16 12:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.609 Medium
EPSS
Percentile
97.8%
Related for OPENVAS:1361412562310833751