CVE-2023-4863

Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

From the Tenable Blog

CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities

Published: 2023-09-28

Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.

References

• Advisories
• Exploits
• References
• Tenable Blogs
• More

Details

Source: Mitre, NVD

Named Vulnerability: libwebp vulnerabilityNamed Vulnerability: libwebpNamed Vulnerability: The WebP 0dayNamed Vulnerability: BlastPassKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

CVSS v3

EPSS