Open mend-bolt-for-github[bot] opened 8 months ago
CVE-2023-4863 - High Severity Vulnerability
Vulnerable Libraries - libwebp v1.1.0, libwebp v1.1.0, libwebp v1.1.0, libwebp v1.1.0
Vulnerability Details
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Publish Date: 2023-09-12
URL: CVE-2023-4863
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
Release Date: 2023-09-12
Fix Resolution: Pillow - 10.0.1, SkiaSharp - 2.88.6, libwebp-sys - 0.9.3, libwebp-sys, webp - 0.2.62 - 0.1.8, electron - 22.3.24,24.8.3,25.8.1,26.2.1,27.0.0-beta.2