PT-2023-5509 · Google+10 · Google Chrome+10

Clément Lecigne · Published 2023-09-27 · Updated 2026-05-01 · CVE-2023-5217

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 117.0.5938.132
libvpx versions prior to 1.13.1

Description

A heap buffer overflow vulnerability in the vp8 encoding in libvpx, a video codec library used by Google Chrome and other browsers, allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is being actively exploited in the wild. Google has released a patch to address this issue.

Recommendations

For Google Chrome versions prior to 117.0.5938.132, update to version 117.0.5938.132 or later. For libvpx versions prior to 1.13.1, update to version 1.13.1 or later. As a temporary workaround, consider disabling the vp8 encoding feature in libvpx until a patch is available.

Exploit

Fix

DoS

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:5434
ALSA-2023:5435
ALSA-2023:5537
ALSA-2023:5539
ALSA-2023_5434
ALSA-2023_5435
ALSA-2023_5537
ALSA-2023_5539
ALSA-2024_1484
ALSA-2024_1485
ALSA-2024_1493
ALSA-2024_1494
ALSA-2024_2287
ALSA-2024_5941
ALSA-2024_9827
ALSA-2025_16880
ALT-PU-2023-5936
ALT-PU-2023-5979
ALT-PU-2023-5991
ALT-PU-2023-6200
ALT-PU-2023-6277
ALT-PU-2023-6281
ALT-PU-2023-6350
ALT-PU-2023-6351
ALT-PU-2023-6436
ALT-PU-2023-6567
ALT-PU-2023-8219
ALT-PU-2023-8370
ALT-PU-2023-8405
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4260
ALT-PU-2024-4381
ALT-PU-2024-4748
ALT-PU-2024-6148
ALT-PU-2025-1090
BDU:2023-06157
CESA-2023_5428
CESA-2023_5433
CESA-2023_5537
CVE-2023-5217
DLA-3591-1
DLA-3598-1
DLA-3601-1
DSA-5508-1
DSA-5509-1
DSA-5510-1
DSA-5513-1
ECHO-C437-171F-6A8A
ELSA-2023-5428
ELSA-2023-5433
ELSA-2023-5434
ELSA-2023-5435
ELSA-2023-5475
ELSA-2023-5477
ELSA-2023-5537
ELSA-2023-5539
GHSA-QQVQ-6XGJ-JW8G
INFSA-2023_5539
JLSEC-2026-375
MGASA-2023-0280
MGASA-2023-0283
MGASA-2023-0285
OESA-2023-1740
OESA-2023-1775
OPENSUSE-SU-2023:0277-1
OPENSUSE-SU-2023:0297-1
OPENSUSE-SU-2023:0298-1
OPENSUSE-SU-2023:0365-1
OPENSUSE-SU-2023:0366-1
OPENSUSE-SU-2023_0297-1
OPENSUSE-SU-2023_0298-1
OPENSUSE-SU-2023_3946-1
OPENSUSE-SU-2023_3948-1
OPENSUSE-SU-2023_3949-1
OPENSUSE-SU-2023_4016-1
OPENSUSE-SU-2024:13269-1
OPENSUSE-SU-2024:13272-1
OPENSUSE-SU-2024:13274-1
OPENSUSE-SU-2024:13276-1
OPENSUSE-SU-2024:13277-1
OPENSUSE-SU-2024:13283-1
OPENSUSE-SU-2024:13288-1
OPENSUSE-SU-2024:13367-1
OPENSUSE-SU-2024:13395-1
OPENSUSE-SU-2024:13462-1
OPENSUSE-SU-2024:13484-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:5426
RHSA-2023:5427
RHSA-2023:5428
RHSA-2023:5429
RHSA-2023:5430
RHSA-2023:5432
RHSA-2023:5433
RHSA-2023:5434
RHSA-2023:5435
RHSA-2023:5436
RHSA-2023:5437
RHSA-2023:5438
RHSA-2023:5439
RHSA-2023:5440
RHSA-2023:5475
RHSA-2023:5477
RHSA-2023:5534
RHSA-2023:5535
RHSA-2023:5536
RHSA-2023:5537
RHSA-2023:5538
RHSA-2023:5539
RHSA-2023:5540
RHSA-2023_5428
RHSA-2023_5433
RHSA-2023_5434
RHSA-2023_5435
RHSA-2023_5475
RHSA-2023_5477
RHSA-2023_5537
RHSA-2023_5539
RLSA-2023:5428
RLSA-2023:5435
ROSA-SA-2024-2357
ROSA-SA-2024-2371
SUSE-SU-2023:3940-1
SUSE-SU-2023:3941-1
SUSE-SU-2023:3946-1
SUSE-SU-2023:3948-1
SUSE-SU-2023:3949-1
SUSE-SU-2023:3950-1
SUSE-SU-2023:4016-1
SUSE-SU-2023_3940-1
SUSE-SU-2023_3941-1
SUSE-SU-2023_3946-1
SUSE-SU-2023_3948-1
SUSE-SU-2023_3949-1
SUSE-SU-2023_3950-1
USN-6403-1
USN-6403-2
USN-6403-3
USN-6404-1
USN-6404-2
USN-6405-1
USN-7172-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Google Chrome
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu