Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for “OOB write in BuildHuffmanTable”.

CPENameOperatorVersion
libwebp-sys2lt0.1.8

CPE	Name	Operator	Version
	libwebp-sys2	lt	0.1.8

References

crates.io/crates/libwebp-sys2

rustsec.org/advisories/RUSTSEC-2023-0060.html

ubuntucve 1

kaspersky 5

nessus 74

redhat 22

osv 19

cnvd 1

github 4

redhatcve 1

openvas 28

alpinelinux 2

prion 2

rocky 2

attackerkb 2

mozilla 1

f5 1

cve 2

photon 1

talosblog 1

debiancve 2

oraclelinux 4

fedora 7

paloalto 1

mageia 1

slackware 1

freebsd 1

hp 1

githubexploit 1

cgr 1

redos 1

hivepro 1

amazon 1

almalinux 1

cloudfoundry 1

ibm 2

debian 2

wolfi 1

ubuntucve

CVE-2023-5129

2023-09-25 00:00:00

kaspersky

KLA60726 DoS vulnerability in Mozilla Firefox ESR

2023-09-12 00:00:00

KLA60725 DoS vulnerability in Mozilla Thunderbird

2023-09-12 00:00:00

KLA60727 DoS vulnerability in Mozilla Firefox

2023-09-12 00:00:00

nessus

CentOS 7 : firefox (RHSA-2023:5197)

2023-12-22 00:00:00

RHEL 8 : thunderbird (RHSA-2023:5186)

2023-09-18 00:00:00

RHEL 8 : firefox (RHSA-2023:5184)

2023-09-18 00:00:00

redhat

(RHSA-2023:5197) Important: firefox security update

2023-09-18 12:54:43

(RHSA-2023:5192) Important: firefox security update

2023-09-18 12:53:16

(RHSA-2023:5189) Important: libwebp security update

2023-09-18 12:53:09

osv

CVE-2023-4863

2023-09-12 15:15:24

Important: thunderbird security update

2023-10-06 22:57:16

Bundled libwebp in Pillow vulnerable

2023-10-05 00:06:58

cnvd

Google libwebp open source library remote code execution vulnerability

2023-09-27 00:00:00

github

Bundled libwebp in imagecodecs vulnerable

2023-10-05 00:07:46

Bundled libwebp in Pillow vulnerable

2023-10-05 00:06:58

Vulnerable version of libwebp and can be exploited with a malicious source image

2023-10-06 20:46:33

redhatcve

CVE-2023-5129

2023-09-27 17:55:08

openvas

Mozilla Firefox Security Advisory (MFSA2023-40) - Linux

2023-09-13 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)

2023-10-16 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)

2023-10-01 00:00:00

alpinelinux

CVE-2023-5129

2023-09-25 21:15:16

CVE-2023-4863

2023-09-12 15:15:24

prion

Open redirect

2023-09-25 21:15:00

Heap overflow

2023-09-12 15:15:00

rocky

thunderbird security update

2023-10-06 22:57:16

libwebp security update

2023-10-06 22:58:06

attackerkb

CVE-2023-5129

2023-09-25 00:00:00

CVE-2023-4863

2023-09-12 00:00:00

mozilla

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla

2023-09-12 00:00:00

K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

2023-09-29 00:00:00

cve

CVE-2023-5129

2023-09-25 21:15:16

CVE-2023-4863

2023-09-12 15:15:24

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0657

2023-09-28 00:00:00

talosblog

The security pitfalls of social media sites offering ID-based authentication

2023-09-28 18:00:11

debiancve

CVE-2023-5129

2023-09-25 21:15:00

CVE-2023-4863

2023-09-12 15:15:24

oraclelinux

firefox security update

2023-09-19 00:00:00

libwebp security update

2023-09-20 00:00:00

libwebp security update

2023-09-19 00:00:00

fedora

[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39

2023-09-15 19:54:26

[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37

2023-09-16 01:41:44

[SECURITY] Fedora 39 Update: firefox-117.0.1-2.fc39

2023-09-17 00:15:26

paloalto

Impact of libwebp Vulnerability CVE-2023-4863

2023-10-02 23:40:00

mageia

Updated libwebp packages fix a security vulnerability

2023-10-03 13:53:29

slackware

[slackware-security] mozilla-thunderbird

2023-09-14 02:32:34

freebsd

graphics/webp heap buffer overflow

2023-09-12 00:00:00

Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow

2024-02-20 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-09-21 05:22:51

cgr

CVE-2023-4863 vulnerabilities

2024-05-09 09:06:40

redos

ROS-20240404-15

2024-04-04 00:00:00

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

amazon

Important: qt5-qtimageformats

2023-11-09 19:19:00

almalinux

Important: thunderbird security update

2023-09-19 00:00:00

cloudfoundry

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

debian

[SECURITY] [DLA 3569-1] thunderbird security update

2023-09-17 09:42:58

[SECURITY] [DSA 5497-1] libwebp security update

2023-09-13 21:08:27

wolfi

CVE-2023-4863 vulnerabilities

2024-05-09 09:06:40

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.68 Medium

EPSS

Percentile

97.9%

JSON

Related for OSV:RUSTSEC-2023-0060