Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibwebp< 1.1.0-2.2libwebp-1.1.0-2.2.mga8
Mageia9noarchlibwebp< 1.3.0-2.1libwebp-1.3.0-2.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	libwebp	< 1.1.0-2.2	libwebp-1.1.0-2.2.mga8
Mageia	9	noarch	libwebp	< 1.3.0-2.1	libwebp-1.3.0-2.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32280

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

osv 23

openvas 42

nessus 69

chrome 1

thn 1

ubuntu 1

fedora 4

veracode 1

rocky 2

freebsd 2

slackware 2

almalinux 5

cnvd 1

amazon 4

github 4

cloudfoundry 2

debian 5

githubexploit 4

kaspersky 2

cisa_kev 1

gitlab 1

cbl_mariner 1

oraclelinux 6

redos 1

alpinelinux 1

hivepro 1

ibm 2

debiancve 1

wolfi 1

prion 1

paloalto 1

cgr 1

hp 1

cvelist 1

nvd 1

cve 1

attackerkb 1

osv

libwebp vulnerability

2023-09-28 03:20:17

libwebp vulnerability

2023-09-14 12:10:08

PYSEC-2023-181

2023-09-29 21:31:46

openvas

openSUSE: Security Advisory for libwebp (SUSE-SU-2023:3829-1)

2024-03-04 00:00:00

openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:3610-1)

2024-03-04 00:00:00

Mageia: Security Advisory (MGASA-2023-0282)

2023-10-10 00:00:00

nessus

Fedora 40 : libwebp (2023-d5faede1d6)

2024-04-29 00:00:00

Debian DSA-5496-1 : firefox-esr - security update

2023-09-14 00:00:00

Oracle Linux 8 : thunderbird (ELSA-2023-5201)

2023-09-19 00:00:00

chrome

Stable Channel Update for Desktop

2023-09-11 00:00:00

thn

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

2023-09-13 01:50:00

ubuntu

Firefox vulnerability

2023-09-14 00:00:00

fedora

[SECURITY] Fedora 38 Update: libwebp-1.3.1-3.fc38

2023-09-15 01:43:00

[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39

2023-09-15 19:54:26

[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37

2023-09-16 01:41:44

veracode

Heap Buffer Overflow

2023-09-15 13:45:13

rocky

firefox security update

2023-09-19 12:09:00

libwebp security update

2023-09-26 13:26:19

freebsd

libwebp heap buffer overflow

2023-09-12 00:00:00

graphics/webp heap buffer overflow

2023-09-12 00:00:00

slackware

[slackware-security] seamonkey

2023-09-21 19:43:16

[slackware-security] mozilla-thunderbird

2023-09-14 02:32:34

almalinux

Important: firefox security update

2023-09-18 00:00:00

Important: thunderbird security update

2023-09-18 00:00:00

Important: libwebp security update

2023-09-19 00:00:00

cnvd

Google Chrome Buffer Overflow Vulnerability (CNVD-2023-71680)

2023-09-15 00:00:00

amazon

Important: thunderbird

2023-10-12 15:08:00

Important: libwebp12

2023-10-12 15:08:00

Important: thunderbird

2023-10-12 15:08:00

github

Imageflow affected by libwebp zero-day and should not be used with malicious source images.

2023-09-27 21:16:16

Bundled libwebp in pywebp vulnerable

2023-10-06 16:59:22

libwebp: OOB write in BuildHuffmanTable

2023-09-12 15:30:20

cloudfoundry

| Cloud Foundry

2023-10-05 00:00:00

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

debian

[SECURITY] [DLA 3568-1] firefox-esr security update

2023-09-16 09:04:49

[SECURITY] [DLA 3570-1] libwebp security update

2023-09-18 12:07:01

[SECURITY] [DSA 5497-2] libwebp security update

2023-09-17 15:33:28

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-12-18 23:12:25

Exploit for Out-of-bounds Write in Google Chrome

2023-09-25 10:33:09

Exploit for Out-of-bounds Write in Google Chrome

2023-11-11 06:51:03

kaspersky

KLA60003 DoS vulnerability in Google Chrome

2023-09-11 00:00:00

KLA61312 DoS vulnerability in Opera

2023-09-13 00:00:00

cisa_kev

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

2023-09-13 00:00:00

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

oraclelinux

firefox security update

2023-09-19 00:00:00

firefox security update

2023-09-19 00:00:00

thunderbird security update

2023-09-19 00:00:00

redos

ROS-20230920-03

2023-09-20 00:00:00

alpinelinux

CVE-2023-4863

2023-09-12 15:15:24

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

debiancve

CVE-2023-4863

2023-09-12 15:15:24

wolfi

CVE-2023-4863 vulnerabilities

2024-07-04 09:08:38

prion

Heap overflow

2023-09-12 15:15:00

paloalto

Impact of libwebp Vulnerability CVE-2023-4863

2023-10-02 23:40:00

cgr

CVE-2023-4863 vulnerabilities

2024-05-19 03:07:16

Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow

2024-02-20 00:00:00

cvelist

CVE-2023-4863

2023-09-12 14:24:59

nvd

CVE-2023-4863

2023-09-12 15:15:24

cve

CVE-2023-4863

2023-09-12 15:15:24

attackerkb

CVE-2023-4863

2023-09-12 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.609 Medium

EPSS

Percentile

97.8%

JSON

Related for MGASA-2023-0282