Amazon Linux 2 : firefox (ALASFIREFOX-2023-015)

The version of firefox installed on the remote host is prior to 102.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2023-015 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bound...

OESA-2023-1713 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to...

Mageia: Security Advisory (MGASA-2023-0282)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-F9PM-4G9P-6VM3 Bundled libwebp in pywebp vulnerable

Impact pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches The problem has been patched upstream in libwebp 1.3.2. pywe...

Bundled libwebp in pywebp vulnerable

Impact pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches The problem has been patched upstream in libwebp 1.3.2. pywe...

Fedora 37 : thunderbird (2023-6b5635d7d3)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6b5635d7d3 advisory. Update to 102.15.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;...

RockyLinux 8 : thunderbird (RLSA-2023:5201)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5201 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the RockyLinux security...

openSUSE 15 Security Update : seamonkey (openSUSE-SU-2023:0278-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0278-1 advisory. - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory...

Updated libwebp packages fix a security vulnerability

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

Low: libwebp

Issue Overview: No CVE associated with this advisory Affected Packages: libwebp Issue Correction: Run dnf update libwebp --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-358 --releasever 2023.2.20231002 to update your system. More information on how to update your system can be...

Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-358)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-358 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

Ubuntu 18.04 ESM : libwebp vulnerability (USN-6369-2)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6369-2 advisory. USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding description...

WebM Project WebP Image Library (libwebp) < 1.3.2 Vulnerability

The version of WebM Project WebP Image Library libwebp installed on the remote host is prior to 1.3.2. It is, therefore, affected by a vulnerability: - Heap buffer overflow in libwebp prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a specially crafted...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libwebp (SUSE-SU-2023:3829-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3829-1 advisory. - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a...

GHSA-4VJR-CRVH-383H @napi-rs/image affected by libwebp CVE

Impact Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted webp image. References - https://github.com/advisories/GHSA-j7hp-h8jx-5ppr - https://blog.isosceles.com/the-webp-0day/...

(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly...

SUSE SLES12 Security Update : libwebp (SUSE-SU-2023:3794-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3794-1 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write v...

Rocky Linux 8 : libwebp (RLSA-2023:5309)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5309 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML pag...

Fedora 38 : thunderbird (2023-a7aba7e1b0)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a7aba7e1b0 advisory. Update to 102.15.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;...

GHSA-J646-GJ5P-P45G CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical References -...