PT-2023-1010 · Google+11 · Google Chrome+13

Smartkeyss · Published 2023-01-23 · Updated 2026-05-04 · CVE-2023-4863

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libwebp versions prior to 1.3.2
Google Chrome versions prior to 116.0.5845.187
Mozilla Firefox versions prior to 117.0.1
Mozilla Thunderbird versions prior to 102.15.1 and 115.2.2
Electron versions that bundle libwebp prior to 1.3.2
opencv-python versions prior to 4.8.1.78
opencv-contrib-python versions prior to 4.8.1.78
opencv-contrib-python-headless versions prior to 4.8.1.78
opencv-python-headless versions prior to 4.8.1.78

Description

The vulnerability is a heap buffer overflow in the libwebp library, which can be exploited by a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This can lead to arbitrary code execution or a crash. The vulnerability is caused by a problem with reading beyond the buffer boundaries in memory. Exploitation of the vulnerability allows an attacker to execute code on the system. The vulnerability can be triggered by tricking victims into opening a malicious WebP image.

Recommendations

For libwebp versions prior to 1.3.2, update to version 1.3.2 or later.
For Google Chrome versions prior to 116.0.5845.187, update to version 116.0.5845.187 or later.
For Mozilla Firefox versions prior to 117.0.1, update to version 117.0.1 or later.
For Mozilla Thunderbird versions prior to 102.15.1 and 115.2.2, update to version 102.15.1 or 115.2.2 or later.
For Electron versions that bundle libwebp prior to 1.3.2, update to a version that bundles libwebp 1.3.2 or later.
For opencv-python versions prior to 4.8.1.78, update to version 4.8.1.78 or later.
For opencv-contrib-python versions prior to 4.8.1.78, update to version 4.8.1.78 or later.
For opencv-contrib-python-headless versions prior to 4.8.1.78, update to version 4.8.1.78 or later.
For opencv-python-headless versions prior to 4.8.1.78, update to version 4.8.1.78 or later.

Exploit

Fix

DoS

RCE

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2023:5184
ALSA-2023:5200
ALSA-2023:5201
ALSA-2023:5214
ALSA-2023:5224
ALSA-2023:5309
ALSA-2023_0285
ALSA-2023_0288
ALSA-2023_0463
ALSA-2023_0476
ALSA-2023_1252
ALSA-2023_1336
ALSA-2023_1337
ALSA-2023_1368
ALSA-2023_1403
ALSA-2023_1407
ALSA-2023_2076
ALSA-2023_2078
ALSA-2023_3143
ALSA-2023_3150
ALSA-2023_3220
ALSA-2023_3221
ALSA-2023_3587
ALSA-2023_3588
ALSA-2023_3589
ALSA-2023_3590
ALSA-2023_4063
ALSA-2023_4064
ALSA-2023_4071
ALSA-2023_4076
ALSA-2023_4462
ALSA-2023_4468
ALSA-2023_4497
ALSA-2023_4499
ALSA-2023_4952
ALSA-2023_4954
ALSA-2023_4955
ALSA-2023_4958
ALSA-2023_5184
ALSA-2023_5200
ALSA-2023_5201
ALSA-2023_5214
ALSA-2023_5224
ALSA-2023_5309
ALSA-2024_1484
ALSA-2024_1485
ALSA-2024_1493
ALSA-2024_1494
ALSA-2025_16880
ALT-PU-2023-5596
ALT-PU-2023-5632
ALT-PU-2023-5701
ALT-PU-2023-5754
ALT-PU-2023-5790
ALT-PU-2023-5836
ALT-PU-2023-5876
ALT-PU-2023-5979
ALT-PU-2023-6281
ALT-PU-2023-6350
ALT-PU-2023-6351
ALT-PU-2023-6436
ALT-PU-2023-6567
ALT-PU-2023-7312
ALT-PU-2023-8219
ALT-PU-2024-11813
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4260
ALT-PU-2024-4381
ALT-PU-2024-4748
ALT-PU-2024-6148
ASB-A-299477569
AZL-29758
BDU:2023-05510
CESA-2023_5184
CESA-2023_5201
CESA-2023_5309
CVE-2023-4863
DLA-3568-1
DLA-3569-1
DLA-3570-1
DSA-5496-1
DSA-5497-1
DSA-5497-2
DSA-5498-1
ELSA-2023-5184
ELSA-2023-5191
ELSA-2023-5197
ELSA-2023-5200
ELSA-2023-5201
ELSA-2023-5214
ELSA-2023-5224
ELSA-2023-5309
GHSA-56PW-MPJ4-FXWW
GHSA-94VC-P8W7-5P49
GHSA-CXJF-X6JP-P7MC
GHSA-J7HP-H8JX-5PPR
GHSA-JH2J-J4J9-CRG3
GHSA-QR4W-53VH-M672
GHSA-W2PJ-9CGH-MQ2C
GHSA-WQCR-XM43-HPQR
JLSEC-2026-441
MGASA-2023-0266
MGASA-2023-0282
MGASA-2023-0283
OESA-2023-1681
OESA-2023-1711
OESA-2023-1712
OESA-2023-1713
OESA-2023-1714
OESA-2023-1715
OPENSUSE-SU-2023:0246-1
OPENSUSE-SU-2023:0247-1
OPENSUSE-SU-2023:0278-1
OPENSUSE-SU-2023_3610-1
OPENSUSE-SU-2023_3634-1
OPENSUSE-SU-2023_3664-1
OPENSUSE-SU-2023_3829-1
OPENSUSE-SU-2024:13227-1
OPENSUSE-SU-2024:13228-1
OPENSUSE-SU-2024:13229-1
OPENSUSE-SU-2024:13231-1
OPENSUSE-SU-2024:13232-1
OPENSUSE-SU-2024:13255-1
OPENSUSE-SU-2024:13265-1
OPENSUSE-SU-2024:13266-1
OPENSUSE-SU-2024:13270-1
OPENSUSE-SU-2024:13271-1
OPENSUSE-SU-2024:13284-1
OPENSUSE-SU-2024:13338-1
OPENSUSE-SU-2024:13353-1
OPENSUSE-SU-2024:13462-1
OPENSUSE-SU-2024:13484-1
OPENSUSE-SU-2024:13595-1
OPENSUSE-SU-2024:14572-1
PYSEC-2023-174
PYSEC-2023-175
PYSEC-2023-181
PYSEC-2023-182
PYSEC-2023-183
PYSEC-2023-184
RHSA-2023:5183
RHSA-2023:5184
RHSA-2023:5185
RHSA-2023:5186
RHSA-2023:5187
RHSA-2023:5188
RHSA-2023:5189
RHSA-2023:5190
RHSA-2023:5191
RHSA-2023:5192
RHSA-2023:5197
RHSA-2023:5198
RHSA-2023:5200
RHSA-2023:5201
RHSA-2023:5202
RHSA-2023:5204
RHSA-2023:5205
RHSA-2023:5214
RHSA-2023:5222
RHSA-2023:5223
RHSA-2023:5224
RHSA-2023:5236
RHSA-2023:5309
RHSA-2023_5184
RHSA-2023_5191
RHSA-2023_5197
RHSA-2023_5200
RHSA-2023_5201
RHSA-2023_5214
RHSA-2023_5224
RHSA-2023_5309
RLSA-2023:5184
RLSA-2023:5201
RLSA-2023:5214
RLSA-2023:5309
RLSA-2023_5184
RLSA-2023_5201
RLSA-2023_5214
ROSA-SA-2024-2371
RUSTSEC-2023-0060
RUSTSEC-2023-0061
SUSE-SU-2023:3609-1
SUSE-SU-2023:3610-1
SUSE-SU-2023:3626-1
SUSE-SU-2023:3634-1
SUSE-SU-2023:3664-1
SUSE-SU-2023:3794-1
SUSE-SU-2023:3829-1
SUSE-SU-2023_3609-1
SUSE-SU-2023_3610-1
SUSE-SU-2023_3626-1
SUSE-SU-2023_3634-1
SUSE-SU-2023_3794-1
SUSE-SU-2023_3829-1
USN-6367-1
USN-6368-1
USN-6369-1
USN-6369-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Google Chrome
Linux Mint
Firefox
Thunderbird
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libwebp