CVE-2023-5217
- CVSS v3.1: 8.8 (High)
- EPSS: 30.61 % (97th)
- Affected Products: 15
- Advisories: 62
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses
- CWE-787: Out-of-bounds Write

- CVE Status: PUBLISHED
- CNA: Chrome
- Published Date: 2023-09-28 16:15:10 (11 months ago)
- Updated Date: 2024-02-15 02:00:01 (7 months ago)
Google Chromium libvpx Heap Buffer Overflow Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description: Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
- Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known to be Used in Ransomware Campaigns: Unknown
- Notes: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217
- Vendor
- Product: Chromium libvpx
- In CISA Catalog from: 2023-10-02 (11 months ago)
- Due Date: 2023-10-23 (10 months ago)