Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for “OOB write in BuildHuffmanTable”.

References

crates.io/crates/libwebp-sys

rustsec.org/advisories/RUSTSEC-2023-0061.html

cnvd 1

nessus 73

redhat 22

openvas 27

osv 25

github 4

alpinelinux 2

redhatcve 1

attackerkb 1

kaspersky 3

mozilla 1

githubexploit 3

nvd 1

ubuntucve 1

rocky 3

f5 1

cve 1

prion 1

photon 1

talosblog 1

debiancve 2

cvelist 1

fedora 5

redos 1

amazon 1

hivepro 1

debian 3

almalinux 4

cloudfoundry 1

ibm 2

wolfi 1

gitlab 1

oraclelinux 2

cbl_mariner 1

cnvd

Google libwebp open source library remote code execution vulnerability

2023-09-27 00:00:00

nessus

RHEL 9 : thunderbird (RHSA-2023:5224)

2023-09-19 00:00:00

Rocky Linux 8 : thunderbird (RLSA-2023:5201)

2023-10-06 00:00:00

Fedora 38 : libwebp (2023-2a0668fe43)

2023-09-30 00:00:00

redhat

(RHSA-2023:5202) Important: thunderbird security update

2023-09-18 14:01:39

(RHSA-2023:5204) Important: libwebp security update

2023-09-18 15:04:13

(RHSA-2023:5186) Important: thunderbird security update

2023-09-18 12:53:06

openvas

Mozilla Firefox Security Advisory (MFSA2023-40) - Linux

2023-09-13 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)

2023-10-16 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)

2023-10-01 00:00:00

osv

Important: thunderbird security update

2023-10-06 22:57:16

Bundled libwebp in imagecodecs vulnerable

2023-10-05 00:07:46

PYSEC-2023-175

2023-09-20 05:46:53

github

Bundled libwebp in imagecodecs vulnerable

2023-10-05 00:07:46

Bundled libwebp in Pillow vulnerable

2023-10-05 00:06:58

libwebp: OOB write in BuildHuffmanTable

2023-09-12 15:30:20

alpinelinux

CVE-2023-5129

2023-09-25 21:15:16

CVE-2023-4863

2023-09-12 15:15:24

redhatcve

CVE-2023-5129

2023-09-27 17:55:08

attackerkb

CVE-2023-5129

2023-09-25 00:00:00

kaspersky

KLA60725 DoS vulnerability in Mozilla Thunderbird

2023-09-12 00:00:00

KLA60726 DoS vulnerability in Mozilla Firefox ESR

2023-09-12 00:00:00

KLA60727 DoS vulnerability in Mozilla Firefox

2023-09-12 00:00:00

mozilla

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla

2023-09-12 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-09-30 02:47:16

Exploit for Out-of-bounds Write in Google Chrome

2023-09-29 00:42:37

Exploit for Out-of-bounds Write in Google Chrome

2023-10-05 03:28:23

nvd

CVE-2023-5129

2023-09-25 21:15:16

ubuntucve

CVE-2023-5129

2023-09-25 00:00:00

rocky

libwebp security update

2023-10-06 22:58:06

thunderbird security update

2023-10-06 22:57:16

libwebp security update

2023-09-26 13:26:19

K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

2023-09-29 00:00:00

cve

CVE-2023-5129

2023-09-25 21:15:16

prion

Open redirect

2023-09-25 21:15:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0657

2023-09-28 00:00:00

talosblog

The security pitfalls of social media sites offering ID-based authentication

2023-09-28 18:00:11

debiancve

CVE-2023-5129

2023-09-25 21:15:00

CVE-2023-4863

2023-09-12 15:15:24

cvelist

CVE-2023-5129

2023-09-25 20:42:25

fedora

[SECURITY] Fedora 37 Update: firefox-118.0.1-7.fc37

2023-10-10 01:33:42

[SECURITY] Fedora 38 Update: firefox-118.0.1-4.fc38

2023-10-06 01:31:45

[SECURITY] Fedora 37 Update: libwebp-1.3.2-2.fc37

2023-10-14 01:27:03

redos

ROS-20240404-15

2024-04-04 00:00:00

amazon

Important: qt5-qtimageformats

2023-11-09 19:19:00

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

debian

[SECURITY] [DSA 5497-1] libwebp security update

2023-09-13 21:07:56

[SECURITY] [DLA 3569-1] thunderbird security update

2023-09-17 09:42:33

[SECURITY] [DSA 5497-2] libwebp security update

2023-09-17 15:33:28

almalinux

Important: thunderbird security update

2023-09-19 00:00:00

Important: thunderbird security update

2023-09-18 00:00:00

Important: libwebp security update

2023-09-19 00:00:00

cloudfoundry

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

ibm

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

wolfi

CVE-2023-4863 vulnerabilities

2024-09-16 09:11:42

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

oraclelinux

firefox security update

2023-09-19 00:00:00

firefox security update

2023-09-19 00:00:00

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.636

Percentile

97.9%

JSON

Related for OSV:RUSTSEC-2023-0061