
2295 matches found

OSV
added 2023/09/27 8:17 p.m. | 19 views

GHSA-4VJR-CRVH-383H @napi-rs/image affected by libwebp CVE

Impact: Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted webp image. References: https://github.com/advisories/GHSA-j7hp-h8jx-5ppr, https://blog.isosceles.com/the-webp-0day/...

8.8 CVSS | 7.6 AI score
Exploits: 0 | References: 6
Tenable Nessus
added 2023/09/27 12:0 a.m. | 28 views

SUSE SLES12 Security Update : libwebp (SUSE-SU-2023:3794-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3794-1 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write v...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 4
Zero Day Initiative
added 2023/09/27 12:0 a.m. | 86 views

(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly...

7.5 CVSS | 7.4 AI score | 0.03014 EPSS
Exploits: 0
Tenable Nessus
added 2023/09/26 12:0 a.m. | 20 views

Rocky Linux 8 : libwebp (RLSA-2023:5309)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5309 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML pag...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 3
Tenable Nessus
added 2023/09/24 12:0 a.m. | 30 views

Fedora 38 : thunderbird (2023-a7aba7e1b0)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a7aba7e1b0 advisory. Update to 102.15.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;...

8.8 CVSS | 7.8 AI score | 0.93301 EPSS
Exploits: 9 | References: 2
OSV
added 2023/09/21 5:11 p.m. | 137 views

GHSA-J646-GJ5P-P45G CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical. References -...

7 AI score
Exploits: 0 | References: 4
Tenable Nessus
added 2023/09/21 12:0 a.m. | 17 views

Slackware Linux 15.0 / current seamonkey Vulnerability (SSA:2023-264-03)

The version of seamonkey installed on the remote host is prior to 2.53.17.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-264-03 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 2
GitLab Advisory Database
added 2023/09/21 12:0 a.m. | 47 views

CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical. References -...

8.6 AI score | 0.93301 EPSS
Exploits: 9 | References: 4 | Affected Software: 1
Tenable Nessus
added 2023/09/21 12:0 a.m. | 37 views

FreeBSD : graphics/webp heap buffer overflow (4fd7a2fc-5860-11ee-a1b3-dca632daf43b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4fd7a2fc-5860-11ee-a1b3-dca632daf43b advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 3
Tenable Nessus
added 2023/09/20 12:0 a.m. | 26 views

FreeBSD : libwebp heap buffer overflow (58a738d4-57af-11ee-8c58-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 58a738d4-57af-11ee-8c58-b42e991fc52e advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 3
Tenable Nessus
added 2023/09/19 12:0 a.m. | 25 views

Oracle Linux 7 : firefox (ELSA-2023-5197)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-5197 advisory. 102.15.1-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and...

8.8 CVSS | 7.8 AI score | 0.93301 EPSS
Exploits: 9 | References: 2
Tenable Nessus
added 2023/09/19 12:0 a.m. | 23 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libwebp (SUSE-SU-2023:3634-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3634-1 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 4
OSV
added 2023/09/18 9:16 p.m. | 1 views

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted,...

8.1 CVSS | 7.2 AI score | 0.00225 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2023/09/18 12:0 a.m. | 28 views

Debian dla-3570 : libwebp-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3570 advisory. Debian LTS Advisory DLA-3570-1 [email protected] https://www.debian.org/lts/security/...

8.8 CVSS | 8.4 AI score | 0.93301 EPSS
Exploits: 9 | References: 4
CISA KEV Catalog
added 2023/09/18 12:0 a.m. | 16 views

Samsung Mobile Devices Use-After-Free Vulnerability

Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution...

7.8 CVSS | 7.5 AI score | 0.00152 EPSS
In wild | Exploits: 0
Tenable Nessus
added 2023/09/17 12:0 a.m. | 33 views

Debian DSA-5498-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5498 advisory. A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution bullseye, this problem has been fixed in versio...

8.8 CVSS | 8.4 AI score | 0.93301 EPSS
Exploits: 9 | References: 6
Tenable Nessus
added 2023/09/16 12:0 a.m. | 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:3610-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3610-1 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 6
Tenable Nessus
added 2023/09/16 12:0 a.m. | 29 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:3626-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3626-1 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write v...

8.8 CVSS | 8 AI score | 0.93301 EPSS
Exploits: 9 | References: 6
Veracode
added 2023/09/15 1:45 p.m. | 62 views

Heap Buffer Overflow

libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8ldec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a crafted webp...

8.8 CVSS | 8.7 AI score | 0.93301 EPSS
Exploits: 9 | References: 50 | Affected Software: 16
Tenable Nessus
added 2023/09/15 12:0 a.m. | 44 views

Fedora 38 : libwebp (2023-c4fa8a204d)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c4fa8a204d advisory. Backport fix for CVE-2023-4863. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

8.8 CVSS | 7.8 AI score | 0.93301 EPSS
Exploits: 9 | References: 2