Lucene search

Veracode Vulnerability DatabaseVERACODE:43288

HistorySep 15, 2023 - 1:45 p.m.

Heap Buffer Overflow

2023-09-1513:45:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.68 Medium

EPSS

Percentile

97.9%

JSON

libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8l_dec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a webp image file.

CPENameOperatorVersion
libwebp.sole7.1.7
qt5-qtimageformats:edgeeq5.15.5_git20220617-r0
qt5-qtimageformats:edgeeq5.15.4_git20220407-r0
qt5-qtimageformats:edgeeq5.15.6_git20220907-r1
qt5-qtimageformats:edgeeq5.14.2-r0
qt5-qtimageformats:edgeeq5.15.8_git20230103-r0
qt5-qtimageformats:edgeeq5.15.6_git20220907-r0
qt5-qtimageformats:edgeeq5.15.10_git20230612-r0
qt5-qtimageformats:edgeeq5.15.2-r0
qt5-qtimageformats:edgeeq5.14.1-r0

Name	Operator	Version
libwebp.so	le	7.1.7
qt5-qtimageformats:edge	eq	5.15.5_git20220617-r0
qt5-qtimageformats:edge	eq	5.15.4_git20220407-r0
qt5-qtimageformats:edge	eq	5.15.6_git20220907-r1
qt5-qtimageformats:edge	eq	5.14.2-r0
qt5-qtimageformats:edge	eq	5.15.8_git20230103-r0
qt5-qtimageformats:edge	eq	5.15.6_git20220907-r0
qt5-qtimageformats:edge	eq	5.15.10_git20230612-r0
qt5-qtimageformats:edge	eq	5.15.2-r0
qt5-qtimageformats:edge	eq	5.14.1-r0

Rows per page:

1-10 of 13121

References

www.openwall.com/lists/oss-security/2023/09/21/4

www.openwall.com/lists/oss-security/2023/09/22/1

www.openwall.com/lists/oss-security/2023/09/22/3

www.openwall.com/lists/oss-security/2023/09/22/4

www.openwall.com/lists/oss-security/2023/09/22/5

www.openwall.com/lists/oss-security/2023/09/22/6

www.openwall.com/lists/oss-security/2023/09/22/7

www.openwall.com/lists/oss-security/2023/09/22/8

www.openwall.com/lists/oss-security/2023/09/26/1

www.openwall.com/lists/oss-security/2023/09/26/7

www.openwall.com/lists/oss-security/2023/09/28/1

www.openwall.com/lists/oss-security/2023/09/28/2

www.openwall.com/lists/oss-security/2023/09/28/4

adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

blog.isosceles.com/the-webp-0day/

bugzilla.suse.com/show_bug.cgi?id=1215231

chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76

chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a

crbug.com/1479274

en.bandisoft.com/honeyview/history/

github.com/mistymntncop/CVE-2023-4863

github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76

github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

github.com/webmproject/libwebp/releases/tag/v1.3.2

lists.debian.org/debian-lts-announce/2023/09/msg00015.html

lists.debian.org/debian-lts-announce/2023/09/msg00016.html

lists.debian.org/debian-lts-announce/2023/09/msg00017.html

lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/

lists.fedoraproject.org/archives/list/[email protected]/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/

lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/

lists.fedoraproject.org/archives/list/[email protected]/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/

lists.fedoraproject.org/archives/list/[email protected]/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/

lists.fedoraproject.org/archives/list/[email protected]/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/

lists.fedoraproject.org/archives/list/[email protected]/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

news.ycombinator.com/item?id=37478403

security-tracker.debian.org/tracker/CVE-2023-4863

security.gentoo.org/glsa/202309-05

security.gentoo.org/glsa/202401-10

security.netapp.com/advisory/ntap-20230929-0011/

sethmlarson.dev/security-developer-in-residence-weekly-report-16

stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

www.bentley.com/advisories/be-2023-0001/

www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

www.debian.org/security/2023/dsa-5496

www.debian.org/security/2023/dsa-5497

www.debian.org/security/2023/dsa-5498

www.mozilla.org/en-US/security/advisories/mfsa2023-40/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.68 Medium

EPSS

Percentile

97.9%

JSON

Heap Buffer Overflow

References

Related