CVE-2023-4863

Published: December 9, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

HIGH
CVSS v3: 8.8

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
25.1	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.4	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.4	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.4.0	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.4.0	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.3	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.3	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.2.1	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.2.1	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.2	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.2	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
24.1	libwebp (1.3.2)	Not Affected	Code Not Present	Does not exist in libwebp 1.3.2
24.1	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
23.3	libwebp (1.3.1)	Resolved	Code Not Present	Patched applied from https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
23.3	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
23.2.1	libwebp (1.2.0)	Needs Triage
23.2.1	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
23.2	libwebp (1.2.0)	Needs Triage
23.2	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
23.1	libwebp (1.2.0)	Needs Triage
23.1	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
22.4	libwebp (1.2.0)	Needs Triage
22.4	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
22.3	libwebp (1.2.0)	Needs Triage
22.3	chrome (103.0.5060.123)	Not Affected	Protected At Runtime	CVE does not included required value ‘pdfium’
22.2	libwebp (1.2.0)	Needs Triage
22.1	libwebp (1.2.0)	Needs Triage
21.11.1	libwebp (1.2.0)	Needs Triage
21.11	libwebp (1.2.0)	Needs Triage
21.8.1	libwebp (1.2.0)	Needs Triage
21.8	libwebp (1.2.0)	Needs Triage
21.5.1	libwebp (0.6.0)	Needs Triage
21.5.0	libwebp (0.6.0)	Needs Triage
21.2.0	libwebp (0.6.0)	Needs Triage
11.4.20	libwebp (0.6.0)	Needs Triage
11.4.19.3667	libwebp (0.6.0)	Needs Triage
11.4.18.3599	libwebp (0.6.0)	Needs Triage
11.4.17	libwebp (0.6.0)	Needs Triage
11.4.16.3445	libwebp (0.6.0)	Needs Triage
11.4.15.3368	libwebp (0.6.0)	Needs Triage
11.4.14.3263	libwebp (0.6.0)	Needs Triage
11.4.13.3179	libwebp (0.6.0)	Needs Triage
11.4.12.3054	libwebp (0.6.0)	Needs Triage
11.4.11.3040	libwebp (0.6.0)	Needs Triage
11.4.11.2990	libwebp (0.6.0)	Needs Triage
11.4.10.2934	libwebp (0.6.0)	Needs Triage
11.4.9.2878	libwebp (0.6.0)	Needs Triage
11.4.8.2822	libwebp (0.6.0)	Needs Triage

Severity score breakdown

Attack Complexity

LOW

Attack Vector

NETWORK

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Privileges Required

NONE

Scope

UNCHANGED

User Interaction

REQUIRED

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Version

3.1

References

NVD
MITRE