
2295 matches found

CVE
added 2023/10/20 11:26 p.m. | 48 views

CVE-2023-45681

CVE-2023-45681 affects stb_vorbis, a single-file MIT-licensed library for Ogg Vorbis processing. A crafted file may trigger a memory write past an allocated heap buffer in start_decoder due to an integer overflow in sizeof(char*) * (f->comment_list_length), causing under-...

CVSS 7.8 | AI score 7.7 | EPSS 0.00049
Exploits: 0 | References: 5 | Affected Software: 1
AlpineLinux
added 2023/10/20 11:26 p.m. | 14 views

CVE-2023-45681

stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger a memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length), which may make setup_malloc allocate less memory...

CVSS 7.8 | AI score 8.1 | EPSS 0.00049
Exploits: 0 | References: 5
Tenable Nessus
added 2023/10/20 12:0 a.m. | 33 views

Amazon Linux 2 : libwebp12 (ALAS-2023-2290)

The version of libwebp12 installed on the remote host is prior to 1.2.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2290 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memor...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 4
Tenable Nessus
added 2023/10/20 12:0 a.m. | 19 views

Amazon Linux 2 : thunderbird (ALAS-2023-2291)

The version of thunderbird installed on the remote host is prior to 102.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2291 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 4
Amazon
added 2023/10/19 12:0 a.m. | 42 views

Important: libwebp12

Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: libwebp12 Note: This advisory is applicable to...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9
RedhatCVE
added 2023/10/18 12:59 a.m. | 47 views

CVE-2023-45863

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobject_get_path function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

CVSS 6.4 | AI score 7 | EPSS 0.00011
Exploits: 0 | References: 3
Tenable Nessus
added 2023/10/18 12:0 a.m. | 21 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-015)

The version of firefox installed on the remote host is prior to 102.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2023-015 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bound...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 4
OSV
added 2023/10/13 11:6 a.m. | 1 views

OESA-2023-1713 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to...

CVSS 8.8 | AI score 8.6 | EPSS 0.93301
Exploits: 9 | References: 2
OpenVAS
added 2023/10/10 12:0 a.m. | 14 views

Mageia: Security Advisory (MGASA-2023-0282)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.5 | EPSS 0.93301
Exploits: 9 | References: 5
Github Security Blog
added 2023/10/06 4:59 p.m. | 45 views

Bundled libwebp in pywebp vulnerable

Impact: pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches: The problem has been patched upstream in libwebp 1.3.2. pywe...

CVSS 8.8 | AI score 7.3 | EPSS 0.93301
Exploits: 9 | References: 3 | Affected Software: 1
OSV
added 2023/10/06 4:59 p.m. | 28 views

GHSA-F9PM-4G9P-6VM3 Bundled libwebp in pywebp vulnerable

Impact: pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches: The problem has been patched upstream in libwebp 1.3.2. pywe...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 3
Tenable Nessus
added 2023/10/06 12:0 a.m. | 23 views

Fedora 37 : thunderbird (2023-6b5635d7d3)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6b5635d7d3 advisory. Update to 102.15.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;...

CVSS 8.8 | AI score 7.8 | EPSS 0.93301
Exploits: 9 | References: 2
Tenable Nessus
added 2023/10/06 12:0 a.m. | 40 views

RockyLinux 8 : thunderbird (RLSA-2023:5201)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5201 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVSS 8.8 | AI score 8.1 | EPSS 0.93301
Exploits: 9 | References: 3
Tenable Nessus
added 2023/10/04 12:0 a.m. | 28 views

openSUSE 15 Security Update : seamonkey (openSUSE-SU-2023:0278-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0278-1 advisory. - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 6
Mageia
added 2023/10/03 10:53 a.m. | 46 views

Updated libwebp packages fix a security vulnerability

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

CVSS 8.8 | AI score 8.8 | EPSS 0.93301
Exploits: 9 | References: 2
Amazon
added 2023/10/03 12:0 a.m. | 4 views

Low: libwebp

Issue Overview: No CVE associated with this advisory Affected Packages: libwebp Issue Correction: Run dnf update libwebp --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-358 --releasever 2023.2.20231002 to update your system. More information on how to update your system can be...

CVSS 8.8 | AI score 8.7 | EPSS 0.93301
Exploits: 9
Tenable Nessus
added 2023/10/03 12:0 a.m. | 28 views

Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-358)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-358 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. ...

AI score 5.5
Exploits: 0 | References: 2
Tenable Nessus
added 2023/09/28 12:0 a.m. | 22 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libwebp (SUSE-SU-2023:3829-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3829-1 advisory. - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 4
Tenable Nessus
added 2023/09/28 12:0 a.m. | 91 views

Ubuntu 18.04 ESM : libwebp vulnerability (USN-6369-2)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6369-2 advisory. USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding description...

CVSS 8.8 | AI score 7.8 | EPSS 0.93301
Exploits: 9 | References: 2
Tenable Nessus
added 2023/09/28 12:0 a.m. | 43 views

WebM Project WebP Image Library (libwebp) < 1.3.2 Vulnerability

The version of WebM Project WebP Image Library (libwebp) installed on the remote host is prior to 1.3.2. It is, therefore, affected by a vulnerability: - Heap buffer overflow in libwebp prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a specially crafted...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 3