Lucene search
+L

59 matches found

Github Security Blog
Github Security Blog
added 2023/11/16 5:14 p.m.162 views

sharp vulnerability in libwebp dependency CVE-2023-4863

Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...

8.8CVSS7.1AI score0.99735EPSS
Exploits9References3Affected Software1
OSV
OSV
added 2023/10/02 9:7 a.m.9 views

OPENSUSE-SU-2023:0278-1 Security update for seamonkey

This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.17.1 Upstream libwebp security fix bug 1852749. CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649. Fix bad string encoded in ansi. l10n fr problem only bug 1847887. SeaMonkey 2.53.17 uses the same backend as...

8.8CVSS9AI score0.99735EPSS
Exploits9References5
PyPA
PyPA
added 2023/09/29 9:14 p.m.13 views

PYSEC-2023-181

opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS8.1AI score0.99735EPSS
Exploits9References3Affected Software1
PyPA
PyPA
added 2023/09/29 9:14 p.m.14 views

PYSEC-2023-182

opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS8.1AI score0.99735EPSS
Exploits9References3Affected Software1
PyPA
PyPA
added 2023/09/29 9:14 p.m.14 views

PYSEC-2023-184

opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS8.1AI score0.99735EPSS
Exploits9References3Affected Software1
OSV
OSV
added 2023/09/28 11:6 a.m.6 views

OESA-2023-1685 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop...

7.5CVSS8.8AI score0.00952EPSS
Exploits0References2
OSV
OSV
added 2023/09/28 3:20 a.m.5 views

USN-6369-2 libwebp vulnerability

USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted imag...

8.8CVSS7AI score0.99735EPSS
Exploits9References2
BDU FSTEC
BDU FSTEC
added 2023/09/13 12:0 a.m.8 views

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the libwebp library for encoding and decoding WebP images involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.7AI score0.99735EPSS
Exploits9References25Affected Software18
OSV
OSV
added 2023/09/12 3:15 p.m.5 views

DEBIAN-CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.3AI score0.99735EPSS
Exploits9References1
Vulnrichment
Vulnrichment
added 2023/09/12 2:24 p.m.18 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

7.5AI score0.99735EPSS
Exploits9References45
Snyk
Snyk
added 2023/09/11 9:0 p.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

9.6CVSS9.2AI score0.99735EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.16 views

Ubuntu 16.04 ESM : libwebp vulnerability (USN-6078-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6078-2 advisory. USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding description...

7.5CVSS7.2AI score0.00952EPSS
Exploits0References2
OSV
OSV
added 2023/06/20 12:15 p.m.9 views

AZL-27181 CVE-2023-1999 affecting package libwebp for versions less than 1.3.2-1

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

7.5CVSS7.2AI score0.00952EPSS
Exploits0References1
OSV
OSV
added 2023/06/20 12:15 p.m.2 views

DEBIAN-CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

7.5CVSS6.6AI score0.00952EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/05/31 12:0 a.m.5 views

The vulnerability of theEncodeAlphaInternal() function in the libwebp library allows for manipulation of image encoding and decoding processes in the WebP format by browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird. This vulnerability enables a malicious actor to cause service interruptions.

The vulnerability of theEncodeAlphaInternal function in the libwebp library, which is used for encoding and decoding images in the WebP format for browsers such as Mozilla Firefox, Firefox ESR, and the Thunderbird email client, is related to a repeated memory release mechanism. Exploiting this...

7.6CVSS6.6AI score0.00952EPSS
Exploits0References15Affected Software11
Tenable Nessus
Tenable Nessus
added 2023/05/17 12:0 a.m.36 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : libwebp vulnerability (USN-6078-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6078-1 advisory. Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked...

7.5CVSS7.4AI score0.00952EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.7 views

PT-2023-2930 · Google +9 · Libwebp +9

Name of the Vulnerable Software and Affected Versions: libwebp affected versions not specified Description: The issue is related to a use after free/double free in libwebp, which can be exploited by an attacker using the ApplyFiltersAndEncode function. This can lead to a denial of service. The...

9.8CVSS6.9AI score0.99735EPSS
Exploits10References264
Redos
Redos
added 2021/12/24 12:0 a.m.5 views

ROS-2-2215

2.2215 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...

9.8CVSS8.7AI score0.02662EPSS
Exploits0
Redos
Redos
added 2021/09/08 12:0 a.m.10 views

ROS-2-1834

2.1834 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...

9.8CVSS8.7AI score0.03636EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2021/06/18 12:0 a.m.5 views

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which is related to buffer overflow in the “heap”, allows attackers to execute arbitrary code.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to buffer overflow in the “bucket” mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by creating a specially crafted file...

10CVSS8.6AI score0.02662EPSS
Exploits0References13Affected Software5
Rows per page
Query Builder