CVE-2023-4863
CVSS v3.1
8.8 (High)
EPSS
63.64 % (98th)
Affected Products
13
Advisories
71
NVD Status
Analyzed
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Chrome
- Published Date
-
2023-09-12 15:15:24
(12 months ago) - Updated Date
-
2024-07-31 18:19:23
(6 weeks ago)
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
- Required Action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
- Vendor
- Product
- Chromium WebP
- In CISA Catalog from
-
2023-09-13
(12 months ago) - Due Date
-
2023-10-04
(11 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
|
Configuration #7
|
Configuration #8
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...