PT-2023-1010 · Google+11 · Google Chrome+13

Smartkeyss

·

Publicado

2023-01-23

·

Atualizado

2026-06-15

·

CVE-2023-4863

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Nome do Software Vulnerável e Versões Afetadas Google Chrome versões anteriores a 116.0.5845.187 libwebp versões anteriores a 1.3.2 Firefox versões anteriores a 117.0.1+build2-0ubuntu0.20.04.1
Description Um estouro de buffer baseado em heap existe na biblioteca libwebp usada para codificação e decodificação de imagens WebP. Este problema ocorre durante a decodificação da imagem quando uma imagem WebP ou página HTML maliciosamente manipulada causa uma gravação de memória fora dos limites. Isso pode levar a uma negação de serviço, travamentos de aplicativos ou a execução de código arbitrário por um invasor remoto. A biblioteca está integrada em milhões de aplicativos, incluindo imagens de contêiner para Wordpress, Nginx e Python, que tiveram mais de 5 bilhões de downloads. Há relatos de que este problema foi explorado pelo Pegasus em um framework da Apple para leitura e gravação de imagens.
Recommendations Atualizar para a versão 116.0.5845.187 ou posterior. Atualizar para a versão 1.3.2 ou posterior. Atualizar para a versão 117.0.1+build2-0ubuntu0.20.04.1 ou posterior.

Exploit

Correção

DoS

RCE

Memory Corruption

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-125

Identificadores relacionados

ALSA-2023:5184
ALSA-2023:5200
ALSA-2023:5201
ALSA-2023:5214
ALSA-2023:5224
ALSA-2023:5309
ALSA-2023_0285
ALSA-2023_0288
ALSA-2023_0463
ALSA-2023_0476
ALSA-2023_1252
ALSA-2023_1336
ALSA-2023_1337
ALSA-2023_1368
ALSA-2023_1403
ALSA-2023_1407
ALSA-2023_2076
ALSA-2023_2078
ALSA-2023_3143
ALSA-2023_3150
ALSA-2023_3220
ALSA-2023_3221
ALSA-2023_3587
ALSA-2023_3588
ALSA-2023_3589
ALSA-2023_3590
ALSA-2023_4063
ALSA-2023_4064
ALSA-2023_4071
ALSA-2023_4076
ALSA-2023_4462
ALSA-2023_4468
ALSA-2023_4497
ALSA-2023_4499
ALSA-2023_4952
ALSA-2023_4954
ALSA-2023_4955
ALSA-2023_4958
ALSA-2023_5184
ALSA-2023_5200
ALSA-2023_5201
ALSA-2023_5214
ALSA-2023_5224
ALSA-2023_5309
ALSA-2024_1484
ALSA-2024_1485
ALSA-2024_1493
ALSA-2024_1494
ALSA-2025_16880
ALT-PU-2023-5596
ALT-PU-2023-5632
ALT-PU-2023-5701
ALT-PU-2023-5754
ALT-PU-2023-5790
ALT-PU-2023-5836
ALT-PU-2023-5876
ALT-PU-2023-5979
ALT-PU-2023-6281
ALT-PU-2023-6350
ALT-PU-2023-6351
ALT-PU-2023-6436
ALT-PU-2023-6567
ALT-PU-2023-7312
ALT-PU-2023-8219
ALT-PU-2024-11813
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4260
ALT-PU-2024-4381
ALT-PU-2024-4748
ALT-PU-2024-6148
ASB-A-299477569
AZL-29758
BDU:2023-05510
CESA-2023_5184
CESA-2023_5201
CESA-2023_5309
CVE-2023-4863
DLA-3568-1
DLA-3569-1
DLA-3570-1
DSA-5496-1
DSA-5497-1
DSA-5497-2
DSA-5498-1
ELSA-2023-5184
ELSA-2023-5191
ELSA-2023-5197
ELSA-2023-5200
ELSA-2023-5201
ELSA-2023-5214
ELSA-2023-5224
ELSA-2023-5309
GHSA-56PW-MPJ4-FXWW
GHSA-94VC-P8W7-5P49
GHSA-CXJF-X6JP-P7MC
GHSA-J7HP-H8JX-5PPR
GHSA-JH2J-J4J9-CRG3
GHSA-QR4W-53VH-M672
GHSA-W2PJ-9CGH-MQ2C
GHSA-WQCR-XM43-HPQR
JLSEC-2026-441
MGASA-2023-0266
MGASA-2023-0282
MGASA-2023-0283
OESA-2023-1681
OESA-2023-1711
OESA-2023-1712
OESA-2023-1713
OESA-2023-1714
OESA-2023-1715
OPENSUSE-SU-2023:0246-1
OPENSUSE-SU-2023:0247-1
OPENSUSE-SU-2023:0278-1
OPENSUSE-SU-2023_3610-1
OPENSUSE-SU-2023_3634-1
OPENSUSE-SU-2023_3664-1
OPENSUSE-SU-2023_3829-1
OPENSUSE-SU-2024:13227-1
OPENSUSE-SU-2024:13228-1
OPENSUSE-SU-2024:13229-1
OPENSUSE-SU-2024:13231-1
OPENSUSE-SU-2024:13232-1
OPENSUSE-SU-2024:13255-1
OPENSUSE-SU-2024:13265-1
OPENSUSE-SU-2024:13266-1
OPENSUSE-SU-2024:13270-1
OPENSUSE-SU-2024:13271-1
OPENSUSE-SU-2024:13284-1
OPENSUSE-SU-2024:13338-1
OPENSUSE-SU-2024:13353-1
OPENSUSE-SU-2024:13462-1
OPENSUSE-SU-2024:13484-1
OPENSUSE-SU-2024:13595-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2026:10991-1
PYSEC-2023-174
PYSEC-2023-175
PYSEC-2023-181
PYSEC-2023-182
PYSEC-2023-183
PYSEC-2023-184
RHSA-2023:5183
RHSA-2023:5184
RHSA-2023:5185
RHSA-2023:5186
RHSA-2023:5187
RHSA-2023:5188
RHSA-2023:5189
RHSA-2023:5190
RHSA-2023:5191
RHSA-2023:5192
RHSA-2023:5197
RHSA-2023:5198
RHSA-2023:5200
RHSA-2023:5201
RHSA-2023:5202
RHSA-2023:5204
RHSA-2023:5205
RHSA-2023:5214
RHSA-2023:5222
RHSA-2023:5223
RHSA-2023:5224
RHSA-2023:5236
RHSA-2023:5309
RHSA-2023_5184
RHSA-2023_5191
RHSA-2023_5197
RHSA-2023_5200
RHSA-2023_5201
RHSA-2023_5214
RHSA-2023_5224
RHSA-2023_5309
RLSA-2023:5184
RLSA-2023:5201
RLSA-2023:5214
RLSA-2023:5309
RLSA-2023_5184
RLSA-2023_5201
RLSA-2023_5214
ROSA-SA-2024-2371
RUSTSEC-2023-0060
RUSTSEC-2023-0061
SUSE-SU-2023:3609-1
SUSE-SU-2023:3610-1
SUSE-SU-2023:3626-1
SUSE-SU-2023:3634-1
SUSE-SU-2023:3664-1
SUSE-SU-2023:3794-1
SUSE-SU-2023:3829-1
SUSE-SU-2023_3609-1
SUSE-SU-2023_3610-1
SUSE-SU-2023_3626-1
SUSE-SU-2023_3634-1
SUSE-SU-2023_3794-1
SUSE-SU-2023_3829-1
USN-6367-1
USN-6368-1
USN-6369-1
USN-6369-2

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Google Chrome
Linuxmint
Firefox
Thunderbird
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libwebp