// For flags

CVE-2023-5217

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta)

A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-09-27 CVE Reserved
  • 2023-09-28 CVE Published
  • 2023-10-02 Exploited in Wild
  • 2023-10-23 KEV Due Date
  • 2024-08-02 CVE Updated
  • 2024-11-11 EPSS Updated
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-787: Out-of-bounds Write
CAPEC
References (52)
URL Tag Source
http://seclists.org/fulldisclosure/2023/Oct/12 Mailing List
http://seclists.org/fulldisclosure/2023/Oct/16 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/1 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/11 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/12 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/14 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/2 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/7 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/29/9 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/1 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/2 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/3 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/4 Mailing List
http://www.openwall.com/lists/oss-security/2023/09/30/5 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/1 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/2 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/01/5 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/02/6 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/11 Mailing List
https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software Third Party Advisory
https://github.com/webmproject/libvpx/releases/tag/v1.13.1 Release Notes
https://github.com/webmproject/libvpx/tags Product
https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4 Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63 Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6 Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I Mailing List
https://pastebin.com/TdkC4pDv Not Applicable
https://security.gentoo.org/glsa/202310-04 Third Party Advisory
https://security.gentoo.org/glsa/202401-34 Third Party Advisory
https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217 Third Party Advisory
https://support.apple.com/kb/HT213961 Third Party Advisory
https://support.apple.com/kb/HT213972 Third Party Advisory
https://twitter.com/maddiestone/status/1707163313711497266 Third Party Advisory
https://www.debian.org/security/2023/dsa-5508 Third Party Advisory
https://www.debian.org/security/2023/dsa-5509 Third Party Advisory
https://www.debian.org/security/2023/dsa-5510 Third Party Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44 Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/09/28/5 Mailing List
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Webmproject
Search vendor "Webmproject"
Libvpx
Search vendor "Webmproject" for product "Libvpx"
< 1.13.1
Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"
-
Affected
in Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
< 117.0.5938.132
Search vendor "Google" for product "Chrome" and version " < 117.0.5938.132"
-
Safe
Webmproject
Search vendor "Webmproject"
Libvpx
Search vendor "Webmproject" for product "Libvpx"
< 1.13.1
Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"
-
Affected
in Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 118.0.1
Search vendor "Mozilla" for product "Firefox" and version " < 118.0.1"
-
Safe
Webmproject
Search vendor "Webmproject"
Libvpx
Search vendor "Webmproject" for product "Libvpx"
< 1.13.1
Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"
-
Affected
in Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 118.1
Search vendor "Mozilla" for product "Firefox" and version " < 118.1"
android
Safe
Webmproject
Search vendor "Webmproject"
Libvpx
Search vendor "Webmproject" for product "Libvpx"
< 1.13.1
Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"
-
Affected
in Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
< 115.3.1
Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.3.1"
-
Safe
Webmproject
Search vendor "Webmproject"
Libvpx
Search vendor "Webmproject" for product "Libvpx"
< 1.13.1
Search vendor "Webmproject" for product "Libvpx" and version " < 1.13.1"
-
Affected
in Mozilla
Search vendor "Mozilla"
Firefox Focus
Search vendor "Mozilla" for product "Firefox Focus"
< 118.1
Search vendor "Mozilla" for product "Firefox Focus" and version " < 118.1"
android
Safe
Microsoft
Search vendor "Microsoft"
Edge
Search vendor "Microsoft" for product "Edge"
116.0.1938.98
Search vendor "Microsoft" for product "Edge" and version "116.0.1938.98"
-
Affected
Microsoft
Search vendor "Microsoft"
Edge
Search vendor "Microsoft" for product "Edge"
117.0.2045.47
Search vendor "Microsoft" for product "Edge" and version "117.0.2045.47"
-
Affected
Microsoft
Search vendor "Microsoft"
Edge Chromium
Search vendor "Microsoft" for product "Edge Chromium"
116.0.5845.229
Search vendor "Microsoft" for product "Edge Chromium" and version "116.0.5845.229"
-
Affected
Microsoft
Search vendor "Microsoft"
Edge Chromium
Search vendor "Microsoft" for product "Edge Chromium"
117.0.5938.132
Search vendor "Microsoft" for product "Edge Chromium" and version "117.0.5938.132"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 118.0.1
Search vendor "Mozilla" for product "Firefox" and version " < 118.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 118.1
Search vendor "Mozilla" for product "Firefox" and version " < 118.1"
android
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
< 115.3.1
Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.3.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Focus
Search vendor "Mozilla" for product "Firefox Focus"
< 118.1
Search vendor "Mozilla" for product "Firefox Focus" and version " < 118.1"
android
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
< 115.3.1
Search vendor "Mozilla" for product "Thunderbird" and version " < 115.3.1"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
38
Search vendor "Fedoraproject" for product "Fedora" and version "38"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
39
Search vendor "Fedoraproject" for product "Fedora" and version "39"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
12.0
Search vendor "Debian" for product "Debian Linux" and version "12.0"
-
Affected
Apple
Search vendor "Apple"
Ipad Os
Search vendor "Apple" for product "Ipad Os"
>= 17.0 < 17.0.3
Search vendor "Apple" for product "Ipad Os" and version " >= 17.0 < 17.0.3"
-
Affected
Apple
Search vendor "Apple"
Ipad Os
Search vendor "Apple" for product "Ipad Os"
16.7
Search vendor "Apple" for product "Ipad Os" and version "16.7"
-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
>= 17.0 < 17.0.3
Search vendor "Apple" for product "Iphone Os" and version " >= 17.0 < 17.0.3"
-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
16.7
Search vendor "Apple" for product "Iphone Os" and version "16.7"
-
Affected