CVE-2023-4863

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica)

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-09 CVE Reserved
2023-09-12 CVE Published
2023-09-13 Exploited in Wild
2023-09-25 First Exploit
2023-10-04 KEV Due Date
2024-08-19 CVE Updated
2024-09-18 EPSS Updated

CWE

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (54)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2023/09/21/4	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/3	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/4	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/6	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/7	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/22/8	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/26/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/26/7	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/28/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/28/2	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/28/4	Mailing List
https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway	Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1215231	Issue Tracking
https://en.bandisoft.com/honeyview/history	Release Notes
https://github.com/webmproject/libwebp/releases/tag/v1.3.2	Release Notes
https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I	Mailing List
https://security-tracker.debian.org/tracker/CVE-2023-4863	Issue Tracking
https://security.gentoo.org/glsa/202309-05	Third Party Advisory
https://security.gentoo.org/glsa/202401-10	Third Party Advisory
https://security.netapp.com/advisory/ntap-20230929-0011	Third Party Advisory
https://www.bentley.com/advisories/be-2023-0001	Third Party Advisory
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks	Third Party Advisory
https://www.debian.org/security/2023/dsa-5496	Third Party Advisory
https://www.debian.org/security/2023/dsa-5497	Third Party Advisory
https://www.debian.org/security/2023/dsa-5498	Third Party Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40	Third Party Advisory

URL	Date	SRC
https://github.com/alsaeroth/CVE-2023-4863-POC	2024-02-07
https://github.com/mistymntncop/CVE-2023-4863	2023-12-18
https://github.com/LiveOverflow/webp-CVE-2023-4863	2024-05-13
https://github.com/bbaranoff/CVE-2023-4863	2023-09-25
https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863	2023-09-25
https://github.com/huiwen-yayaya/CVE-2023-4863	2024-06-08
https://github.com/CrackerCat/CVE-2023-4863-	2024-02-03
https://github.com/sarsaeroth/CVE-2023-4863-POC	2024-02-07
https://blog.isosceles.com/the-webp-0day	2024-08-19
https://news.ycombinator.com/item?id=37478403	2024-08-19
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16	2024-08-19
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863	2024-08-19

URL	Date	SRC
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a	2024-06-27
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863	2024-06-27

URL	Date	SRC
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html	2024-06-27
https://access.redhat.com/security/cve/CVE-2023-4863	2023-09-20
https://bugzilla.redhat.com/show_bug.cgi?id=2238431	2023-09-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				< 116.0.5845.187 Search vendor "Google" for product "Chrome" and version " < 116.0.5845.187"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				39 Search vendor "Fedoraproject" for product "Fedora" and version "39"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				< 117.0.1 Search vendor "Mozilla" for product "Firefox" and version " < 117.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"				< 102.15.1 Search vendor "Mozilla" for product "Firefox Esr" and version " < 102.15.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"				>= 115.0 < 115.2.1 Search vendor "Mozilla" for product "Firefox Esr" and version " >= 115.0 < 115.2.1"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				< 102.15.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 102.15.1"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				>= 115.0 < 115.2.2 Search vendor "Mozilla" for product "Thunderbird" and version " >= 115.0 < 115.2.2"		-		Affected
Microsoft Search vendor "Microsoft"		Edge Search vendor "Microsoft" for product "Edge"				< 117.0.2045.31 Search vendor "Microsoft" for product "Edge" and version " < 117.0.2045.31"		-		Affected
Webmproject Search vendor "Webmproject"		Libwebp Search vendor "Webmproject" for product "Libwebp"				< 1.3.2 Search vendor "Webmproject" for product "Libwebp" and version " < 1.3.2"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Bentley Search vendor "Bentley"		Seequent Leapfrog Search vendor "Bentley" for product "Seequent Leapfrog"				< 2023.2 Search vendor "Bentley" for product "Seequent Leapfrog" and version " < 2023.2"		-		Affected