CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.245 Low
Percentile: 96.7%

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to
117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security
severity: High)
Author | Note |
---|---|
alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 118.0.1+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | libvpx | < 1.7.0-3ubuntu0.18.04.1+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | libvpx | < 1.8.2-1ubuntu0.2 | UNKNOWN |
ubuntu | 22.04 | noarch | libvpx | < 1.11.0-2ubuntu2.2 | UNKNOWN |
ubuntu | 23.04 | noarch | libvpx | < 1.12.0-1ubuntu1.2 | UNKNOWN |
ubuntu | 14.04 | noarch | libvpx | < any | UNKNOWN |
ubuntu | 16.04 | noarch | libvpx | < 1.5.0-2ubuntu1.1+esm2 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2023/09/28/5
www.openwall.com/lists/oss-security/2023/09/28/6
chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
crbug.com/1486441
hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
launchpad.net/bugs/cve/CVE-2023-5217
nvd.nist.gov/vuln/detail/CVE-2023-5217
security-tracker.debian.org/tracker/CVE-2023-5217
ubuntu.com/security/notices/USN-6403-1
ubuntu.com/security/notices/USN-6403-2
ubuntu.com/security/notices/USN-6403-3
ubuntu.com/security/notices/USN-6404-1
ubuntu.com/security/notices/USN-6405-1
www.cve.org/CVERecord?id=CVE-2023-5217
www.mozilla.org/en-US/security/advisories/mfsa2023-44/#CVE-2023-5217