CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.609 Medium (Percentile: 97.8%)

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187
and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds
memory write via a crafted HTML page. (Chromium security severity:
Critical)
Author | Note |
---|---|
alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
mdeslaur | Starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
rodrigo-zaiden | In libwebp source, it seems like the affected versions start from 0.5.0, with a high probability that the commit f75dfbf2 is the one adding the issue. I can be wrong in my assumption but, at least, the reproducer available in the the-webp-0day blog post reproduces in 0.5.0 but not in 0.4.4, and the buffer huffman_tables was added in the mentioned commit. In Ubuntu, libwebp versions earlier than 0.5.0 do not contain the affected code, hence are probably not affected. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 117.0.1+build2-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | libwebp | < 0.6.1-2ubuntu0.18.04.2+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | libwebp | < 0.6.1-2ubuntu0.20.04.3 | UNKNOWN |
ubuntu | 22.04 | noarch | libwebp | < 1.2.2-2ubuntu0.22.04.2 | UNKNOWN |
ubuntu | 23.04 | noarch | libwebp | < 1.2.4-0.1ubuntu0.23.04.2 | UNKNOWN |
ubuntu | 23.10 | noarch | libwebp | < 1.2.4-0.2ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | libwebp | < 1.2.4-0.2ubuntu1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.15.1+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:102.15.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 23.04 | noarch | thunderbird | < 1:102.15.1+build1-0ubuntu0.23.04.1 | UNKNOWN |
blog.isosceles.com/the-webp-0day/
chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a
launchpad.net/bugs/cve/CVE-2023-4863
nvd.nist.gov/vuln/detail/CVE-2023-4863
security-tracker.debian.org/tracker/CVE-2023-4863
ubuntu.com/security/notices/USN-6367-1
ubuntu.com/security/notices/USN-6368-1
ubuntu.com/security/notices/USN-6369-1
ubuntu.com/security/notices/USN-6369-2
www.cve.org/CVERecord?id=CVE-2023-4863
www.mozilla.org/en-US/security/advisories/mfsa2023-40/