CVE-2023-4863
Vulnerability from cvelistv5
Published
2023-09-12 14:24
Modified
2024-08-19 07:48
Severity ?
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/21/4Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/1Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/3Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/4Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/5Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/6Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/7Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/22/8Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/26/1Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/26/7Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/28/1Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/28/2Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2023/09/28/4Mailing List
chrome-cve-admin@google.comhttps://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/Third Party Advisory
chrome-cve-admin@google.comhttps://blog.isosceles.com/the-webp-0day/Exploit, Third Party Advisory
chrome-cve-admin@google.comhttps://bugzilla.suse.com/show_bug.cgi?id=1215231Issue Tracking, Third Party Advisory
chrome-cve-admin@google.comhttps://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.htmlRelease Notes, Vendor Advisory
chrome-cve-admin@google.comhttps://crbug.com/1479274Issue Tracking, Permissions Required, Vendor Advisory
chrome-cve-admin@google.comhttps://en.bandisoft.com/honeyview/history/Release Notes, Third Party Advisory
chrome-cve-admin@google.comhttps://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17aPatch
chrome-cve-admin@google.comhttps://github.com/webmproject/libwebp/releases/tag/v1.3.2Release Notes
chrome-cve-admin@google.comhttps://lists.debian.org/debian-lts-announce/2023/09/msg00015.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.debian.org/debian-lts-announce/2023/09/msg00016.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.debian.org/debian-lts-announce/2023/09/msg00017.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/Mailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/Mailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/Mailing List, Release Notes
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/Mailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/Mailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/Mailing List, Third Party Advisory
chrome-cve-admin@google.comhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/Mailing List, Release Notes
chrome-cve-admin@google.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863Patch, Vendor Advisory
chrome-cve-admin@google.comhttps://news.ycombinator.com/item?id=37478403Exploit, Third Party Advisory
chrome-cve-admin@google.comhttps://security-tracker.debian.org/tracker/CVE-2023-4863Issue Tracking, Third Party Advisory
chrome-cve-admin@google.comhttps://security.gentoo.org/glsa/202309-05Third Party Advisory
chrome-cve-admin@google.comhttps://security.gentoo.org/glsa/202401-10Third Party Advisory
chrome-cve-admin@google.comhttps://security.netapp.com/advisory/ntap-20230929-0011/Third Party Advisory
chrome-cve-admin@google.comhttps://sethmlarson.dev/security-developer-in-residence-weekly-report-16Exploit
chrome-cve-admin@google.comhttps://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/Exploit, Third Party Advisory
chrome-cve-admin@google.comhttps://www.bentley.com/advisories/be-2023-0001/Third Party Advisory
chrome-cve-admin@google.comhttps://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/Third Party Advisory
chrome-cve-admin@google.comhttps://www.debian.org/security/2023/dsa-5496Third Party Advisory
chrome-cve-admin@google.comhttps://www.debian.org/security/2023/dsa-5497Third Party Advisory
chrome-cve-admin@google.comhttps://www.debian.org/security/2023/dsa-5498Third Party Advisory
chrome-cve-admin@google.comhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-40/Third Party Advisory
Impacted products
GoogleChrome
Googlelibwebp
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2023-09-13

Due date: 2023-10-04

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:10.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1479274"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://en.bandisoft.com/honeyview/history/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37478403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5496"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5497"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5498"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.isosceles.com/the-webp-0day/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/advisories/be-2023-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-10"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "116.0.5845.187",
              "status": "affected",
              "version": "116.0.5845.187",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "libwebp",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "1.3.2",
              "status": "affected",
              "version": "1.3.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-06T23:12:29.399Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
        },
        {
          "url": "https://crbug.com/1479274"
        },
        {
          "url": "https://en.bandisoft.com/honeyview/history/"
        },
        {
          "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
        },
        {
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
        },
        {
          "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37478403"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5496"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5497"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5498"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-05"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
        },
        {
          "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
        },
        {
          "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
        },
        {
          "url": "https://blog.isosceles.com/the-webp-0day/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
        },
        {
          "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
        },
        {
          "url": "https://www.bentley.com/advisories/be-2023-0001/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-4863",
    "datePublished": "2023-09-12T14:24:59.275Z",
    "dateReserved": "2023-09-09T01:02:58.312Z",
    "dateUpdated": "2024-08-19T07:48:10.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-4863",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2023-09-13",
      "dueDate": "2023-10-04",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
      "product": "Chromium WebP",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4863\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-09-12T15:15:24.327\",\"lastModified\":\"2024-07-31T18:19:23.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2023-09-13\",\"cisaActionDue\":\"2023-10-04\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"},{\"lang\":\"es\",\"value\":\"El desbordamiento del b\u00fafer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permit\u00eda a un atacante remoto realizar una escritura en memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: cr\u00edtica)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.187\",\"matchCriteriaId\":\"856C1821-5D22-4A4E-859D-8F5305255AB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"117.0.1\",\"matchCriteriaId\":\"54A821DA-91BA-454E-BC32-2152CD7989AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"F5CB1076-9147-44A4-B32F-86841DEB85DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"115.0\",\"versionEndExcluding\":\"115.2.1\",\"matchCriteriaId\":\"D288632E-E2D5-4319-BE74-882D71D699C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"A073724D-52BD-4426-B58D-7A8BD24B8F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"115.0\",\"versionEndExcluding\":\"115.2.2\",\"matchCriteriaId\":\"952BEC0C-2DB0-476A-AF62-1269F8635B4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"117.0.2045.31\",\"matchCriteriaId\":\"49AFFE24-5E30-46A4-A3AE-13D8EB15DE91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"117.0.5938.62\",\"matchCriteriaId\":\"B743C4A7-9C0F-49F3-B94E-F837F19164E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:1.6.00.26463:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"AB030595-AF08-4FA1-819D-AC8F4AF36D20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:1.6.00.26474:*:*:*:*:desktop:*:*\",\"matchCriteriaId\":\"4260DF96-DB1A-4E91-BE70-DE05424FF883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:webp_image_extension:1.0.62681.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B1FD6D-F6BA-4992-BD0C-3B2A327F00BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"2804DDE4-B0A4-4B7F-A318-F491B6316B34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2\",\"matchCriteriaId\":\"E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.