CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library. Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. • https://github.com/alsaeroth/CVE-2023-4863-POC https://github.com/mistymntncop/CVE-2023-4863 https://github.com/LiveOverflow/webp-CVE-2023-4863 https://github.com/bbaranoff/CVE-2023-4863 https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863 https://github.com/huiwen-yayaya/CVE-2023-4863 https://github.com/CrackerCat/CVE-2023-4863- https://github.com/sarsaeroth/CVE-2023-4863-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 http://www.openwall.com/list • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-1999 – Use after free in libwebp
https://notcve.org/view.php?id=CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Existe un Use After Free/Double Free en libwebp. Un atacante puede usar la función ApplyFiltersAndEncode() y hacer un bucle para liberar best.bw y asignar best = puntero trial. • https://chromium.googlesource.com/webm/libwebp https://security.gentoo.org/glsa/202309-05 https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2018-25014 – libwebp: use of uninitialized value in ReadSymbol()
https://notcve.org/view.php?id=CVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). Se encontró un uso de valor no inicializado en libwebp en versiones anteriores a la 1.0.1 en ReadSymbol() A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 https://bugzilla.redhat.com/show_bug.cgi?id=1956927 https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 https://access.redhat.com/security/cve/CVE-2018-25014 • CWE-908: Use of Uninitialized Resource •
CVE-2018-25013 – libwebp: out-of-bounds read in ShiftBytes()
https://notcve.org/view.php?id=CVE-2018-25013
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en ShiftBytes() A flaw was found in libwebp. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 https://bugzilla.redhat.com/show_bug.cgi?id=1956926 https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 https://access.redhat.com/security/cve/CVE-2018-25013 • CWE-125: Out-of-bounds Read •
CVE-2018-25012 – libwebp: out-of-bounds read in WebPMuxCreateInternal()
https://notcve.org/view.php?id=CVE-2018-25012
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en GetLE24() A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 https://bugzilla.redhat.com/show_bug.cgi?id=1956922 https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097 https://access.redhat.com/security/cve/CVE-2018-25012 • CWE-125: Out-of-bounds Read •