CVE-2023-5217

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta)

A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-27 CVE Reserved
2023-09-28 CVE Published
2023-10-02 Exploited in Wild
2023-10-23 KEV Due Date
2024-08-02 CVE Updated
2024-10-30 EPSS Updated
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787: Out-of-bounds Write

CAPEC

References (52)

URL	Tag	Source
http://seclists.org/fulldisclosure/2023/Oct/12	Mailing List
http://seclists.org/fulldisclosure/2023/Oct/16	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/11	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/12	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/14	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/2	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/7	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/9	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/2	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/3	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/4	Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/1	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/2	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/02/6	Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/11	Mailing List
https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software	Third Party Advisory
https://github.com/webmproject/libvpx/releases/tag/v1.13.1	Release Notes
https://github.com/webmproject/libvpx/tags	Product
https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I	Mailing List
https://pastebin.com/TdkC4pDv	Not Applicable
https://security.gentoo.org/glsa/202310-04	Third Party Advisory
https://security.gentoo.org/glsa/202401-34	Third Party Advisory
https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217	Third Party Advisory
https://support.apple.com/kb/HT213961	Third Party Advisory
https://support.apple.com/kb/HT213972	Third Party Advisory
https://twitter.com/maddiestone/status/1707163313711497266	Third Party Advisory
https://www.debian.org/security/2023/dsa-5508	Third Party Advisory
https://www.debian.org/security/2023/dsa-5509	Third Party Advisory
https://www.debian.org/security/2023/dsa-5510	Third Party Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/09/28/5	Mailing List

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2023/09/28/5	2024-02-15
http://www.openwall.com/lists/oss-security/2023/09/28/6	2024-02-15
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590	2024-02-15
https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282	2024-02-15
https://security-tracker.debian.org/tracker/CVE-2023-5217	2024-02-15

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2241191	2023-10-09
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html	2024-02-15
https://access.redhat.com/security/cve/CVE-2023-5217	2023-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Webmproject Search vendor "Webmproject"	Libvpx Search vendor "Webmproject" for product "Libvpx"	< 1.13.1 Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"	-	Affected	in	Google Search vendor "Google"	Chrome Search vendor "Google" for product "Chrome"	< 117.0.5938.132 Search vendor "Google" for product "Chrome" and version " < 117.0.5938.132"	-	Safe
Webmproject Search vendor "Webmproject"	Libvpx Search vendor "Webmproject" for product "Libvpx"	< 1.13.1 Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	< 118.0.1 Search vendor "Mozilla" for product "Firefox" and version " < 118.0.1"	-	Safe
Webmproject Search vendor "Webmproject"	Libvpx Search vendor "Webmproject" for product "Libvpx"	< 1.13.1 Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	< 118.1 Search vendor "Mozilla" for product "Firefox" and version " < 118.1"	android	Safe
Webmproject Search vendor "Webmproject"	Libvpx Search vendor "Webmproject" for product "Libvpx"	< 1.13.1 Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"	< 115.3.1 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.3.1"	-	Safe
Webmproject Search vendor "Webmproject"	Libvpx Search vendor "Webmproject" for product "Libvpx"	< 1.13.1 Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Focus Search vendor "Mozilla" for product "Firefox Focus"	< 118.1 Search vendor "Mozilla" for product "Firefox Focus" and version " < 118.1"	android	Safe
Microsoft Search vendor "Microsoft"		Edge Search vendor "Microsoft" for product "Edge"				116.0.1938.98 Search vendor "Microsoft" for product "Edge" and version "116.0.1938.98"		-		Affected
Microsoft Search vendor "Microsoft"		Edge Search vendor "Microsoft" for product "Edge"				117.0.2045.47 Search vendor "Microsoft" for product "Edge" and version "117.0.2045.47"		-		Affected
Microsoft Search vendor "Microsoft"		Edge Chromium Search vendor "Microsoft" for product "Edge Chromium"				116.0.5845.229 Search vendor "Microsoft" for product "Edge Chromium" and version "116.0.5845.229"		-		Affected
Microsoft Search vendor "Microsoft"		Edge Chromium Search vendor "Microsoft" for product "Edge Chromium"				117.0.5938.132 Search vendor "Microsoft" for product "Edge Chromium" and version "117.0.5938.132"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				< 118.0.1 Search vendor "Mozilla" for product "Firefox" and version " < 118.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				< 118.1 Search vendor "Mozilla" for product "Firefox" and version " < 118.1"		android		Affected
Mozilla Search vendor "Mozilla"		Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"				< 115.3.1 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.3.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Focus Search vendor "Mozilla" for product "Firefox Focus"				< 118.1 Search vendor "Mozilla" for product "Firefox Focus" and version " < 118.1"		android		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				< 115.3.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.3.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				39 Search vendor "Fedoraproject" for product "Fedora" and version "39"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0"		-		Affected
Apple Search vendor "Apple"		Ipad Os Search vendor "Apple" for product "Ipad Os"				>= 17.0 < 17.0.3 Search vendor "Apple" for product "Ipad Os" and version " >= 17.0 < 17.0.3"		-		Affected
Apple Search vendor "Apple"		Ipad Os Search vendor "Apple" for product "Ipad Os"				16.7 Search vendor "Apple" for product "Ipad Os" and version "16.7"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				>= 17.0 < 17.0.3 Search vendor "Apple" for product "Iphone Os" and version " >= 17.0 < 17.0.3"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				16.7 Search vendor "Apple" for product "Iphone Os" and version "16.7"		-		Affected