Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to 1.3.2 to include a patch for “OOB write in BuildHuffmanTable”.

CPENameOperatorVersion
libwebp-sys2lt0.1.8

CPE	Name	Operator	Version
	libwebp-sys2	lt	0.1.8

References

crates.io/crates/libwebp-sys2

rustsec.org/advisories/RUSTSEC-2023-0060.html

osv 24

nessus 74

redhat 22

ubuntucve 1

kaspersky 4

openvas 22

cnvd 2

github 4

alpinelinux 1

redhatcve 1

nvd 1

mozilla 1

attackerkb 1

rocky 4

f5 1

cve 1

prion 1

photon 1

talosblog 1

cvelist 1

debiancve 1

fedora 6

redos 1

chrome 1

thn 1

ubuntu 1

veracode 1

freebsd 1

slackware 1

almalinux 3

amazon 3

githubexploit 2

cloudfoundry 1

debian 3

cisa_kev 1

gitlab 1

cbl_mariner 1

oraclelinux 2

osv

CVE-2023-4863

2023-09-12 15:15:24

Important: thunderbird security update

2023-10-06 22:57:16

Important: libwebp security update

2023-10-06 22:58:06

nessus

RHEL 8 : libwebp (RHSA-2023:5309)

2023-09-20 00:00:00

RHEL 9 : thunderbird (RHSA-2023:5223)

2023-09-19 00:00:00

RHEL 8 : thunderbird (RHSA-2023:5202)

2023-09-18 00:00:00

redhat

(RHSA-2023:5197) Important: firefox security update

2023-09-18 12:54:43

(RHSA-2023:5188) Important: thunderbird security update

2023-09-18 12:53:08

(RHSA-2023:5189) Important: libwebp security update

2023-09-18 12:53:09

ubuntucve

CVE-2023-5129

2023-09-25 00:00:00

kaspersky

KLA60726 DoS vulnerability in Mozilla Firefox ESR

2023-09-12 00:00:00

KLA60725 DoS vulnerability in Mozilla Thunderbird

2023-09-12 00:00:00

KLA60727 DoS vulnerability in Mozilla Firefox

2023-09-12 00:00:00

openvas

Mozilla Firefox Security Advisory (MFSA2023-40) - Linux

2023-09-13 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-2a0668fe43)

2023-10-01 00:00:00

Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)

2023-10-16 00:00:00

cnvd

Google libwebp open source library remote code execution vulnerability

2023-09-27 00:00:00

Google Chrome Buffer Overflow Vulnerability (CNVD-2023-71680)

2023-09-15 00:00:00

github

Bundled libwebp in imagecodecs vulnerable

2023-10-05 00:07:46

Bundled libwebp in Pillow vulnerable

2023-10-05 00:06:58

Imageflow affected by libwebp zero-day and should not be used with malicious source images.

2023-09-27 21:16:16

alpinelinux

CVE-2023-5129

2023-09-25 21:15:16

redhatcve

CVE-2023-5129

2023-09-27 17:55:08

nvd

CVE-2023-5129

2023-09-25 21:15:16

mozilla

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla

2023-09-12 00:00:00

attackerkb

CVE-2023-5129

2023-09-25 00:00:00

rocky

libwebp security update

2023-10-06 22:58:06

thunderbird security update

2023-10-06 22:57:16

firefox security update

2023-09-19 12:09:00

K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

2023-09-29 00:00:00

cve

CVE-2023-5129

2023-09-25 21:15:16

prion

Open redirect

2023-09-25 21:15:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0657

2023-09-28 00:00:00

talosblog

The security pitfalls of social media sites offering ID-based authentication

2023-09-28 18:00:11

cvelist

CVE-2023-5129

2023-09-25 20:42:25

debiancve

CVE-2023-5129

2023-09-25 21:15:00

fedora

[SECURITY] Fedora 37 Update: firefox-118.0.1-7.fc37

2023-10-10 01:33:42

[SECURITY] Fedora 38 Update: firefox-118.0.1-4.fc38

2023-10-06 01:31:45

[SECURITY] Fedora 39 Update: libwebp-1.3.2-2.fc39

2023-10-03 00:20:56

redos

ROS-20240404-15

2024-04-04 00:00:00

chrome

Stable Channel Update for Desktop

2023-09-11 00:00:00

thn

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

2023-09-13 01:50:00

ubuntu

Firefox vulnerability

2023-09-14 00:00:00

veracode

Heap Buffer Overflow

2023-09-15 13:45:13

freebsd

libwebp heap buffer overflow

2023-09-12 00:00:00

slackware

[slackware-security] seamonkey

2023-09-21 19:43:16

almalinux

Important: firefox security update

2023-09-18 00:00:00

Important: thunderbird security update

2023-09-18 00:00:00

Important: libwebp security update

2023-09-19 00:00:00

amazon

Important: thunderbird

2023-10-12 15:08:00

Important: libwebp12

2023-10-12 15:08:00

Important: thunderbird

2023-10-12 15:08:00

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-09-25 10:33:09

Exploit for Out-of-bounds Write in Google Chrome

2023-12-18 23:12:25

cloudfoundry

| Cloud Foundry

2023-10-05 00:00:00

debian

[SECURITY] [DLA 3568-1] firefox-esr security update

2023-09-16 09:04:49

[SECURITY] [DLA 3570-1] libwebp security update

2023-09-18 12:07:01

[SECURITY] [DSA 5497-2] libwebp security update

2023-09-17 15:33:28

cisa_kev

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

2023-09-13 00:00:00

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

oraclelinux

firefox security update

2023-09-19 00:00:00

firefox security update

2023-09-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.609 Medium

EPSS

Percentile

97.8%

JSON

Related for OSV:RUSTSEC-2023-0060