Veracode Vulnerability Database VERACODE:43316
Sep 19, 2023 - 9:25 p.m.

Heap Buffer Overflow

2023-09-19 21:25:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
heap buffer overflow
vulnerable libraries
buildhuffmantable
vp8l_dec.c
remote exploitation
data corruption

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.629
Percentile: 97.9%

Various libraries that include WebP are vulnerable to a heap buffer overflow. The vulnerability is caused by an out-of-bounds heap memory write in the function BuildHuffmanTable in the file src/dec/vp8l_dec.c in the libwebp library. This can potentially overwrite adjacent memory and corrupt data, and can be exploited by hackers to take over systems and devices remotely.
