Action not permitted
Modal body text goes here.
CVE-2023-5129
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Replaced by CVE-2023-4863
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2023-09-27T20:39:31.615Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u0026nbsp;Duplicate of CVE-2023-4863."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
}
],
"replacedBy": [
"CVE-2023-4863"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5129",
"datePublished": "2023-09-25T20:42:25.119Z",
"dateRejected": "2023-09-27T20:37:35.338Z",
"dateReserved": "2023-09-22T16:08:02.895Z",
"dateUpdated": "2023-09-27T20:39:31.615Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5129\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-09-25T21:15:16.667\",\"lastModified\":\"2023-11-07T04:23:29.527\",\"vulnStatus\":\"Rejected\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863.\"}],\"metrics\":{},\"references\":[]}}"
}
}
rhsa-2023_5204
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5204",
"url": "https://access.redhat.com/errata/RHSA-2023:5204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5204.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:30+00:00",
"generator": {
"date": "2024-09-16T13:40:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5204",
"initial_release_date": "2023-09-18T15:19:12+00:00",
"revision_history": [
{
"date": "2023-09-18T15:19:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T15:19:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.src",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.src",
"product_id": "libwebp-0:1.2.0-6.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-devel-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-devel-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-6.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-devel-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-devel-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5204"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:libwebp-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-debugsource-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-devel-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-java-debuginfo-0:1.2.0-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.i686",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:libwebp-tools-debuginfo-0:1.2.0-6.el9_0.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5201
Vulnerability from csaf_redhat
Published
2023-09-18 14:31
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5201",
"url": "https://access.redhat.com/errata/RHSA-2023:5201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5201.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:49+00:00",
"generator": {
"date": "2024-09-16T13:40:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5201",
"initial_release_date": "2023-09-18T14:31:22+00:00",
"revision_history": [
{
"date": "2023-09-18T14:31:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T14:31:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_8.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_8.src",
"product_id": "thunderbird-0:102.15.1-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_8.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_8.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_8.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_8.s390x",
"product_id": "thunderbird-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5201"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5187
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5187",
"url": "https://access.redhat.com/errata/RHSA-2023:5187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5187.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:12+00:00",
"generator": {
"date": "2024-09-16T13:40:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5187",
"initial_release_date": "2023-09-18T13:48:58+00:00",
"revision_history": [
{
"date": "2023-09-18T13:48:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:48:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_2.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_2.src",
"product_id": "firefox-0:102.15.1-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_2.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_2.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5187"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5187"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5197
Vulnerability from csaf_redhat
Published
2023-09-18 13:57
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5197",
"url": "https://access.redhat.com/errata/RHSA-2023:5197"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5197.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:21+00:00",
"generator": {
"date": "2024-09-16T13:40:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5197",
"initial_release_date": "2023-09-18T13:57:46+00:00",
"revision_history": [
{
"date": "2023-09-18T13:57:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:57:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.src",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.src",
"product_id": "firefox-0:102.15.1-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64",
"product_id": "firefox-0:102.15.1-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.i686",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.i686",
"product_id": "firefox-0:102.15.1-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"product_id": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.s390x",
"product_id": "firefox-0:102.15.1-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le",
"product_id": "firefox-0:102.15.1-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el7_9.ppc64",
"product": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64",
"product_id": "firefox-0:102.15.1-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.15.1-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5205
Vulnerability from csaf_redhat
Published
2023-09-18 15:19
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5205",
"url": "https://access.redhat.com/errata/RHSA-2023:5205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5205.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:07+00:00",
"generator": {
"date": "2024-09-16T13:41:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5205",
"initial_release_date": "2023-09-18T15:19:44+00:00",
"revision_history": [
{
"date": "2023-09-18T15:19:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T15:19:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_0.src",
"product": {
"name": "firefox-0:102.15.1-1.el9_0.src",
"product_id": "firefox-0:102.15.1-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el9_0.aarch64",
"product_id": "firefox-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el9_0.ppc64le",
"product_id": "firefox-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el9_0.x86_64",
"product_id": "firefox-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el9_0.s390x",
"product_id": "firefox-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src"
},
"product_reference": "firefox-0:102.15.1-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5205"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5192
Vulnerability from csaf_redhat
Published
2023-09-18 13:52
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5192",
"url": "https://access.redhat.com/errata/RHSA-2023:5192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5192.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:16+00:00",
"generator": {
"date": "2024-09-16T13:41:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5192",
"initial_release_date": "2023-09-18T13:52:27+00:00",
"revision_history": [
{
"date": "2023-09-18T13:52:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:52:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_4.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_4.src",
"product_id": "firefox-0:102.15.1-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_4.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el8_4.aarch64",
"product_id": "firefox-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_4.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el8_4.s390x",
"product_id": "firefox-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5224
Vulnerability from csaf_redhat
Published
2023-09-19 08:05
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5224",
"url": "https://access.redhat.com/errata/RHSA-2023:5224"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5224.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:24+00:00",
"generator": {
"date": "2024-09-16T13:40:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5224",
"initial_release_date": "2023-09-19T08:05:47+00:00",
"revision_history": [
{
"date": "2023-09-19T08:05:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-19T08:05:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_2.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_2.src",
"product_id": "thunderbird-0:102.15.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_2.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_2.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_2.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_2.s390x",
"product_id": "thunderbird-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5224"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5224"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:thunderbird-debugsource-0:102.15.1-1.el9_2.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5198
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5198",
"url": "https://access.redhat.com/errata/RHSA-2023:5198"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5198.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:25+00:00",
"generator": {
"date": "2024-09-16T13:41:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5198",
"initial_release_date": "2023-09-18T13:54:07+00:00",
"revision_history": [
{
"date": "2023-09-18T13:54:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:54:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_6.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_6.src",
"product_id": "firefox-0:102.15.1-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el8_6.aarch64",
"product_id": "firefox-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_6.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_6.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el8_6.s390x",
"product_id": "firefox-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5198"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5198"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5200
Vulnerability from csaf_redhat
Published
2023-09-18 14:29
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5200",
"url": "https://access.redhat.com/errata/RHSA-2023:5200"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5200.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:39+00:00",
"generator": {
"date": "2024-09-16T13:40:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5200",
"initial_release_date": "2023-09-18T14:29:44+00:00",
"revision_history": [
{
"date": "2023-09-18T14:29:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T14:29:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_2.src",
"product": {
"name": "firefox-0:102.15.1-1.el9_2.src",
"product_id": "firefox-0:102.15.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el9_2.aarch64",
"product_id": "firefox-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "firefox-x11-0:102.15.1-1.el9_2.aarch64",
"product_id": "firefox-x11-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el9_2.ppc64le",
"product_id": "firefox-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"product_id": "firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el9_2.x86_64",
"product_id": "firefox-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "firefox-x11-0:102.15.1-1.el9_2.x86_64",
"product_id": "firefox-x11-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el9_2.s390x",
"product_id": "firefox-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "firefox-x11-0:102.15.1-1.el9_2.s390x",
"product_id": "firefox-x11-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.15.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src"
},
"product_reference": "firefox-0:102.15.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.15.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64"
},
"product_reference": "firefox-x11-0:102.15.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.15.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le"
},
"product_reference": "firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.15.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x"
},
"product_reference": "firefox-x11-0:102.15.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.15.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
},
"product_reference": "firefox-x11-0:102.15.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5200"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5200"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.15.1-1.el9_2.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5188
Vulnerability from csaf_redhat
Published
2023-09-18 13:45
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5188",
"url": "https://access.redhat.com/errata/RHSA-2023:5188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5188.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:30+00:00",
"generator": {
"date": "2024-09-16T13:40:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5188",
"initial_release_date": "2023-09-18T13:45:59+00:00",
"revision_history": [
{
"date": "2023-09-18T13:45:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:45:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_1.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_1.src",
"product_id": "thunderbird-0:102.15.1-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_1.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_1.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5188"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5188"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:thunderbird-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5186
Vulnerability from csaf_redhat
Published
2023-09-18 13:49
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5186",
"url": "https://access.redhat.com/errata/RHSA-2023:5186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5186.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:48+00:00",
"generator": {
"date": "2024-09-16T13:40:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5186",
"initial_release_date": "2023-09-18T13:49:01+00:00",
"revision_history": [
{
"date": "2023-09-18T13:49:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:49:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_2.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_2.src",
"product_id": "thunderbird-0:102.15.1-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_2.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5186"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.E4S:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.src",
"AppStream-8.2.0.Z.TUS:thunderbird-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_2.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5236
Vulnerability from csaf_redhat
Published
2023-09-19 12:43
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: libwebp: critical security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update
Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which give
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which give\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5236",
"url": "https://access.redhat.com/errata/RHSA-2023:5236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5236.json"
}
],
"title": "Red Hat Security Advisory: libwebp: critical security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:33+00:00",
"generator": {
"date": "2024-09-16T13:40:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5236",
"initial_release_date": "2023-09-19T12:43:31+00:00",
"revision_history": [
{
"date": "2023-09-19T12:43:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-19T12:43:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.2.el8_1.1.src",
"product": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.src",
"product_id": "libwebp-0:1.0.0-5.2.el8_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-5.2.el8_1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src"
},
"product_reference": "libwebp-0:1.0.0-5.2.el8_1.1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.src",
"AppStream-8.1.0.Z.E4S:libwebp-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-debugsource-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-devel-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.i686",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.ppc64le",
"AppStream-8.1.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-5.2.el8_1.1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5184
Vulnerability from csaf_redhat
Published
2023-09-18 13:37
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5184",
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5184.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:58+00:00",
"generator": {
"date": "2024-09-16T13:40:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5184",
"initial_release_date": "2023-09-18T13:37:09+00:00",
"revision_history": [
{
"date": "2023-09-18T13:37:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:37:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.src",
"product_id": "firefox-0:102.15.1-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5202
Vulnerability from csaf_redhat
Published
2023-09-18 14:30
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5202",
"url": "https://access.redhat.com/errata/RHSA-2023:5202"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5202.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:17+00:00",
"generator": {
"date": "2024-09-16T13:41:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5202",
"initial_release_date": "2023-09-18T14:30:13+00:00",
"revision_history": [
{
"date": "2023-09-18T14:30:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T14:30:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_6.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_6.src",
"product_id": "thunderbird-0:102.15.1-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_6.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_6.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_6.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_6.s390x",
"product_id": "thunderbird-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5202"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5202"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.src",
"AppStream-8.6.0.Z.EUS:thunderbird-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el8_6.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5214
Vulnerability from csaf_redhat
Published
2023-09-19 08:06
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5214",
"url": "https://access.redhat.com/errata/RHSA-2023:5214"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5214.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:53+00:00",
"generator": {
"date": "2024-09-16T13:41:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5214",
"initial_release_date": "2023-09-19T08:06:01+00:00",
"revision_history": [
{
"date": "2023-09-19T08:06:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-19T08:06:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"product": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"product_id": "libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"product": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"product_id": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"product": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"product_id": "libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-tools-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-tools-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-7.el9_2.s390x",
"product": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.s390x",
"product_id": "libwebp-devel-0:1.2.0-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.src",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.src",
"product_id": "libwebp-0:1.2.0-7.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.2.0-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-devel-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.2.0-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.2.0-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.2.0-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.2.0-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"product_id": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.2.0-7.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.src as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5214"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5214"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.src",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-debugsource-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-devel-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-0:1.2.0-7.el9_2.x86_64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.aarch64",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.i686",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.ppc64le",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.s390x",
"CRB-9.2.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.2.0-7.el9_2.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5185
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5185",
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5185.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:25+00:00",
"generator": {
"date": "2024-09-16T13:41:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5185",
"initial_release_date": "2023-09-18T13:34:00+00:00",
"revision_history": [
{
"date": "2023-09-18T13:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:34:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.src",
"product_id": "thunderbird-0:102.15.1-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5191
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5191",
"url": "https://access.redhat.com/errata/RHSA-2023:5191"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5191.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:40+00:00",
"generator": {
"date": "2024-09-16T13:40:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5191",
"initial_release_date": "2023-09-18T13:54:41+00:00",
"revision_history": [
{
"date": "2023-09-18T13:54:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:54:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el7_9.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el7_9.src",
"product_id": "thunderbird-0:102.15.1-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5191"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5191"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:102.15.1-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:102.15.1-1.el7_9.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5223
Vulnerability from csaf_redhat
Published
2023-09-19 08:04
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5223",
"url": "https://access.redhat.com/errata/RHSA-2023:5223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5223.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:44+00:00",
"generator": {
"date": "2024-09-16T13:41:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5223",
"initial_release_date": "2023-09-19T08:04:31+00:00",
"revision_history": [
{
"date": "2023-09-19T08:04:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-19T08:04:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_0.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_0.src",
"product_id": "thunderbird-0:102.15.1-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_0.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_0.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_0.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el9_0.s390x",
"product_id": "thunderbird-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5223"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.src",
"AppStream-9.0.0.Z.EUS:thunderbird-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debuginfo-0:102.15.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:thunderbird-debugsource-0:102.15.1-1.el9_0.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5309
Vulnerability from csaf_redhat
Published
2023-09-20 16:46
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5309",
"url": "https://access.redhat.com/errata/RHSA-2023:5309"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5309.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:42+00:00",
"generator": {
"date": "2024-09-16T13:40:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5309",
"initial_release_date": "2023-09-20T16:46:21+00:00",
"revision_history": [
{
"date": "2023-09-20T16:46:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-20T16:46:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.src",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.src",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-8.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-8.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-8.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-8.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-8.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-8.el8_8.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5309"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5309"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.src",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-8.el8_8.1.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.i686",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-8.el8_8.1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5189
Vulnerability from csaf_redhat
Published
2023-09-18 13:54
Modified
2024-09-16 13:41
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5189",
"url": "https://access.redhat.com/errata/RHSA-2023:5189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5189.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2024-09-16T13:41:07+00:00",
"generator": {
"date": "2024-09-16T13:41:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5189",
"initial_release_date": "2023-09-18T13:54:00+00:00",
"revision_history": [
{
"date": "2023-09-18T13:54:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:54:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:41:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.src",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.src",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5189"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libwebp-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-debugsource-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-devel-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-7.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_6.1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5190
Vulnerability from csaf_redhat
Published
2023-09-18 13:48
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: libwebp security update
Notes
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5190",
"url": "https://access.redhat.com/errata/RHSA-2023:5190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5190.json"
}
],
"title": "Red Hat Security Advisory: libwebp security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:02+00:00",
"generator": {
"date": "2024-09-16T13:40:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5190",
"initial_release_date": "2023-09-18T13:48:59+00:00",
"revision_history": [
{
"date": "2023-09-18T13:48:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:48:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_2.1.src",
"product": {
"name": "libwebp-0:1.0.0-7.el8_2.1.src",
"product_id": "libwebp-0:1.0.0-7.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_id": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-7.el8_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
},
"product_reference": "libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5190"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.E4S:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.ppc64le",
"AppStream-8.2.0.Z.E4S:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.src",
"AppStream-8.2.0.Z.TUS:libwebp-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-debugsource-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-devel-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-java-debuginfo-0:1.0.0-7.el8_2.1.x86_64",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.i686",
"AppStream-8.2.0.Z.TUS:libwebp-tools-debuginfo-0:1.0.0-7.el8_2.1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
rhsa-2023_5183
Vulnerability from csaf_redhat
Published
2023-09-18 13:34
Modified
2024-09-16 13:40
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5183",
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5183.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-09-16T13:40:21+00:00",
"generator": {
"date": "2024-09-16T13:40:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5183",
"initial_release_date": "2023-09-18T13:34:55+00:00",
"revision_history": [
{
"date": "2023-09-18T13:34:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:34:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T13:40:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.src",
"product_id": "firefox-0:102.15.1-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
wid-sec-w-2023-2548
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Android
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2548 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2548.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2548 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2548"
},
{
"category": "external",
"summary": "Android Patchday Oktober 2023 vom 2023-10-03",
"url": "https://source.android.com/docs/security/bulletin/2023-10-01"
}
],
"source_lang": "en-US",
"title": "Google Android: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-03T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:46:35.555+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2548",
"initial_release_date": "2023-10-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Google Android 11",
"product": {
"name": "Google Android 11",
"product_id": "T017166",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:11"
}
}
},
{
"category": "product_name",
"name": "Google Android 12",
"product": {
"name": "Google Android 12",
"product_id": "T020881",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12"
}
}
},
{
"category": "product_name",
"name": "Google Android 13",
"product": {
"name": "Google Android 13",
"product_id": "T029729",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:13"
}
}
},
{
"category": "product_name",
"name": "Google Android 12L",
"product": {
"name": "Google Android 12L",
"product_id": "T030210",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12l"
}
}
}
],
"category": "product_name",
"name": "Android"
}
],
"category": "vendor",
"name": "Google"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5129",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-5129"
},
{
"cve": "CVE-2023-4863",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-4863"
},
{
"cve": "CVE-2023-4211",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-4211"
},
{
"cve": "CVE-2023-40638",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40638"
},
{
"cve": "CVE-2023-40140",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40140"
},
{
"cve": "CVE-2023-40139",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40139"
},
{
"cve": "CVE-2023-40138",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40138"
},
{
"cve": "CVE-2023-40137",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40137"
},
{
"cve": "CVE-2023-40136",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40136"
},
{
"cve": "CVE-2023-40135",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40135"
},
{
"cve": "CVE-2023-40134",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40134"
},
{
"cve": "CVE-2023-40133",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40133"
},
{
"cve": "CVE-2023-40131",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40131"
},
{
"cve": "CVE-2023-40130",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40130"
},
{
"cve": "CVE-2023-40129",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40129"
},
{
"cve": "CVE-2023-40128",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40128"
},
{
"cve": "CVE-2023-40127",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40127"
},
{
"cve": "CVE-2023-40125",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40125"
},
{
"cve": "CVE-2023-40123",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40123"
},
{
"cve": "CVE-2023-40121",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40121"
},
{
"cve": "CVE-2023-40120",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40120"
},
{
"cve": "CVE-2023-40117",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40117"
},
{
"cve": "CVE-2023-40116",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-40116"
},
{
"cve": "CVE-2023-34970",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-34970"
},
{
"cve": "CVE-2023-33200",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33200"
},
{
"cve": "CVE-2023-33035",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33035"
},
{
"cve": "CVE-2023-33034",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33034"
},
{
"cve": "CVE-2023-33029",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33029"
},
{
"cve": "CVE-2023-33028",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33028"
},
{
"cve": "CVE-2023-33027",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33027"
},
{
"cve": "CVE-2023-33026",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-33026"
},
{
"cve": "CVE-2023-32820",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-32820"
},
{
"cve": "CVE-2023-32819",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-32819"
},
{
"cve": "CVE-2023-28540",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-28540"
},
{
"cve": "CVE-2023-24855",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24855"
},
{
"cve": "CVE-2023-24853",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24853"
},
{
"cve": "CVE-2023-24850",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24850"
},
{
"cve": "CVE-2023-24849",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24849"
},
{
"cve": "CVE-2023-24848",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24848"
},
{
"cve": "CVE-2023-24847",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24847"
},
{
"cve": "CVE-2023-24844",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24844"
},
{
"cve": "CVE-2023-24843",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-24843"
},
{
"cve": "CVE-2023-22385",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-22385"
},
{
"cve": "CVE-2023-21673",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21673"
},
{
"cve": "CVE-2023-21291",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21291"
},
{
"cve": "CVE-2023-21266",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21266"
},
{
"cve": "CVE-2023-21253",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21253"
},
{
"cve": "CVE-2023-21252",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21252"
},
{
"cve": "CVE-2023-21244",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-21244"
},
{
"cve": "CVE-2023-20819",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2023-20819"
},
{
"cve": "CVE-2022-28348",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2022-28348"
},
{
"cve": "CVE-2021-44828",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Framework\", \"System\", \"Google Play System Updates\", \"ARM components\", \"MediaTek components\", \"Unisoc components\", \"Qualcomm components\" sowie\"Qualcomm closed-source components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T030210",
"T029729",
"T020881",
"T017166"
]
},
"release_date": "2023-10-03T22:00:00Z",
"title": "CVE-2021-44828"
}
]
}
wid-sec-w-2023-2305
Vulnerability from csaf_certbund
Published
2023-09-11 22:00
Modified
2024-02-20 23:00
Summary
Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2305 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2305.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2305 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2305"
},
{
"category": "external",
"summary": "Google Chrome Stable Channel Update for Desktop vom 2023-09-11",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheiztsupdates vom 2023-09-12",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-788F9BBB3F vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-32FA4259F4 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-32fa4259f4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5185 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5222"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20",
"url": "https://access.redhat.com/errata/RHSA-2023:5309"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20",
"url": "https://linux.oracle.com/errata/ELSA-2023-5309.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20",
"url": "http://linux.oracle.com/errata/ELSA-2023-5214.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3"
},
{
"category": "external",
"summary": "Important release of LibreOffice",
"url": "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6369-2 vom 2023-09-28",
"url": "https://ubuntu.com/security/notices/USN-6369-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-0CD03C3746 vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0cd03c3746"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D66A01AD4F vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d66a01ad4f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29",
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
},
{
"category": "external",
"summary": "Elastic Security Announcement ESA-2023-19 vom 2023-10-10",
"url": "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2290 vom 2023-10-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2290.html"
},
{
"category": "external",
"summary": "WatchGuard Security Advisory WGSA-2023-00008 vom 2023-11-01",
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00008"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-396 vom 2023-12-06",
"url": "https://www.dell.com/support/kbdoc/000218770/dsa-2023-="
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03916 vom 2024-02-13",
"url": "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916"
}
],
"source_lang": "en-US",
"title": "Google Chrome / Microsoft Edge: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-02-20T23:00:00.000+00:00",
"generator": {
"date": "2024-02-21T11:06:38.970+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2305",
"initial_release_date": "2023-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-09-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-09-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-09-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Fedora aufgenommen"
},
{
"date": "2023-09-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2023-09-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-09-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2023-09-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Fedora und NetApp aufgenommen"
},
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Elastic aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-11-01T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von WatchGuard aufgenommen"
},
{
"date": "2023-12-05T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "16"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T006498",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 116.0.5845.187",
"product": {
"name": "Google Chrome \u003c 116.0.5845.187",
"product_id": "T029774",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:116.0.5845.187"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 116.0.5845.188",
"product": {
"name": "Google Chrome \u003c 116.0.5845.188",
"product_id": "T029775",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:116.0.5845.188"
}
}
}
],
"category": "product_name",
"name": "Chrome"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T029061",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 116.0.1938.81",
"product": {
"name": "Microsoft Edge \u003c 116.0.1938.81",
"product_id": "T029787",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:116.0.1938.81"
}
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T026333",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 8.10.3",
"product": {
"name": "Open Source Kibana \u003c 8.10.3",
"product_id": "T030371",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:8.10.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 7.17.14",
"product": {
"name": "Open Source Kibana \u003c 7.17.14",
"product_id": "T030372",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:7.17.14"
}
}
}
],
"category": "product_name",
"name": "Kibana"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.6.2",
"product": {
"name": "Open Source LibreOffice \u003c 7.6.2",
"product_id": "T030072",
"product_identification_helper": {
"cpe": "cpe:/a:libreoffice:libreoffice:7.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 7.5.7",
"product": {
"name": "Open Source LibreOffice \u003c 7.5.7",
"product_id": "T030073",
"product_identification_helper": {
"cpe": "cpe:/a:libreoffice:libreoffice:7.5.7"
}
}
}
],
"category": "product_name",
"name": "LibreOffice"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "WatchGuard Firebox",
"product": {
"name": "WatchGuard Firebox",
"product_id": "T030882",
"product_identification_helper": {
"cpe": "cpe:/a:watchguard:firebox:-"
}
}
}
],
"category": "vendor",
"name": "WatchGuard"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5129",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er einen Benutzer zum Besuch einer b\u00f6sartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T006498",
"T030882",
"T002207",
"67646",
"T000126",
"T029061",
"398363",
"T004914",
"T030372",
"T030371",
"74185",
"T026333"
]
},
"release_date": "2023-09-11T22:00:00Z",
"title": "CVE-2023-5129"
},
{
"cve": "CVE-2023-4863",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er einen Benutzer zum Besuch einer b\u00f6sartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T006498",
"T030882",
"T002207",
"67646",
"T000126",
"T029061",
"398363",
"T004914",
"T030372",
"T030371",
"74185",
"T026333"
]
},
"release_date": "2023-09-11T22:00:00Z",
"title": "CVE-2023-4863"
}
]
}
wid-sec-w-2023-2313
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-02-20 23:00
Summary
Mozilla Firefox und Thunderbird: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Firefox ist ein Open Source Web Browser.
ESR ist die Variante mit verlängertem Support.
Thunderbird ist ein Open Source E-Mail Client.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2313 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2313.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2313 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2313"
},
{
"category": "external",
"summary": "Mozilla Security Advisory MFSA2023-40 vom 2023-09-12",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5497 vom 2023-09-13",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00189.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5496 vom 2023-09-13",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00188.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6367-1 vom 2023-09-14",
"url": "https://ubuntu.com/security/notices/USN-6367-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3610-1 vom 2023-09-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016157.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3609-1 vom 2023-09-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016158.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5205 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5188 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5188"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5189 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5189"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5192 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5192"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5200 vom 2023-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2023-5200.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5191 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5191"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5197 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5197"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5198 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5198"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5201 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5200 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5200"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5202 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5204 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5204"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5197 vom 2023-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2023-5197.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5191 vom 2023-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2023-5191.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5187 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5184 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5183 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5184 vom 2023-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2023-5184.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3664-1 vom 2023-09-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016188.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5186 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5186"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5190 vom 2023-09-18",
"url": "https://access.redhat.com/errata/RHSA-2023:5190"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3570 vom 2023-09-18",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3634-1 vom 2023-09-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016176.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5224 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5224"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5223 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5223"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5222"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5236 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20",
"url": "https://access.redhat.com/errata/RHSA-2023:5309"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5224 vom 2023-09-20",
"url": "http://linux.oracle.com/errata/ELSA-2023-5224.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20",
"url": "https://linux.oracle.com/errata/ELSA-2023-5309.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20",
"url": "http://linux.oracle.com/errata/ELSA-2023-5214.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5201 vom 2023-09-20",
"url": "http://linux.oracle.com/errata/ELSA-2023-5201.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-1BCD79CDF6 vom 2023-09-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1bcd79cdf6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-4211889C5A vom 2023-09-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4211889c5a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3794-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016334.html"
},
{
"category": "external",
"summary": "Important release of LibreOffice",
"url": "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6369-2 vom 2023-09-28",
"url": "https://ubuntu.com/security/notices/USN-6369-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29",
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-97EEA79ACB vom 2023-10-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-97eea79acb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-0F232991DE vom 2023-10-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0f232991de"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-BBB8D72C6F vom 2023-10-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-bbb8d72c6f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-09EC498A2A vom 2023-10-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-09ec498a2a"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASFIREFOX-2023-015 vom 2023-10-18",
"url": "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-015.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2291 vom 2023-10-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2291.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202401-10 vom 2024-01-07",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03916 vom 2024-02-13",
"url": "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916"
}
],
"source_lang": "en-US",
"title": "Mozilla Firefox und Thunderbird: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-02-20T23:00:00.000+00:00",
"generator": {
"date": "2024-02-21T11:06:37.798+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2313",
"initial_release_date": "2023-09-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian und Ubuntu aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat, Oracle Linux, Fedora, SUSE und Debian aufgenommen"
},
{
"date": "2023-09-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2023-09-21T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-09-24T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-09-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2023-09-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2023-10-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-08T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-01-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T029061",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 117.0.1",
"product": {
"name": "Mozilla Firefox \u003c 117.0.1",
"product_id": "T029816",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox:117.0.1"
}
}
}
],
"category": "product_name",
"name": "Firefox"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 115.2.1",
"product": {
"name": "Mozilla Firefox ESR \u003c 115.2.1",
"product_id": "T029817",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:115.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 102.15.1",
"product": {
"name": "Mozilla Firefox ESR \u003c 102.15.1",
"product_id": "T029818",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:102.15.1"
}
}
}
],
"category": "product_name",
"name": "Firefox ESR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 102.15.1",
"product": {
"name": "Mozilla Thunderbird \u003c 102.15.1",
"product_id": "T029819",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:102.15.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 115.2.2",
"product": {
"name": "Mozilla Thunderbird \u003c 115.2.2",
"product_id": "T029820",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:115.2.2"
}
}
}
],
"category": "product_name",
"name": "Thunderbird"
}
],
"category": "vendor",
"name": "Mozilla"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T026333",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.6.2",
"product": {
"name": "Open Source LibreOffice \u003c 7.6.2",
"product_id": "T030072",
"product_identification_helper": {
"cpe": "cpe:/a:libreoffice:libreoffice:7.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 7.5.7",
"product": {
"name": "Open Source LibreOffice \u003c 7.5.7",
"product_id": "T030073",
"product_identification_helper": {
"cpe": "cpe:/a:libreoffice:libreoffice:7.5.7"
}
}
}
],
"category": "product_name",
"name": "LibreOffice"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5129",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T029061",
"398363",
"T012167",
"T004914",
"74185",
"T026333"
]
},
"release_date": "2023-09-12T22:00:00Z",
"title": "CVE-2023-5129"
},
{
"cve": "CVE-2023-4863",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird. Dieser Fehler besteht in der libwep-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T029061",
"398363",
"T012167",
"T004914",
"74185",
"T026333"
]
},
"release_date": "2023-09-12T22:00:00Z",
"title": "CVE-2023-4863"
}
]
}
wid-sec-w-2023-3099
Vulnerability from csaf_certbund
Published
2023-12-11 23:00
Modified
2023-12-11 23:00
Summary
Unify OpenScape Produkte: Mehrere Schwachstellen ermöglichen Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenScape Business ist eine All-In-One-Lösung für Unified Communication & Collaboration
OpenScape Xpert ist eine Kommunikationslösung für mehrere Leitungen.
OpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter Lösung.
OpenScape UC Application ist eine Unified Communications Lösung zur Integration mit bestehenden Anwendungen.
OpenScape Voice ist eine SIP-basierte Enterprise VoIP Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenScape Business ist eine All-In-One-L\u00f6sung f\u00fcr Unified Communication \u0026 Collaboration\r\nOpenScape Xpert ist eine Kommunikationsl\u00f6sung f\u00fcr mehrere Leitungen.\r\nOpenScape Contact Center Enterprise ist eine integrierte Mehrkanal Callcenter L\u00f6sung.\r\nOpenScape UC Application ist eine Unified Communications L\u00f6sung zur Integration mit bestehenden Anwendungen.\r\nOpenScape Voice ist eine SIP-basierte Enterprise VoIP L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Unify OpenScape Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3099 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3099.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3099 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3099"
},
{
"category": "external",
"summary": "Atos Unify Security Advisory vom 2023-12-11",
"url": "https://networks.unify.com/security/advisories/OBSO-2310-02.pdf"
}
],
"source_lang": "en-US",
"title": "Unify OpenScape Produkte: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2023-12-11T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:53:41.137+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-3099",
"initial_release_date": "2023-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Unify OpenScape Business \u003c V3R3.0.1_007",
"product": {
"name": "Unify OpenScape Business \u003c V3R3.0.1_007",
"product_id": "T031594",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_business:v3r3.0.1_007"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Unify OpenScape Contact Center \u003c V10R4.16.0",
"product": {
"name": "Unify OpenScape Contact Center \u003c V10R4.16.0",
"product_id": "T031596",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_contact_center:v10r4.16.0"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Contact Center \u003c V11 R1.12.0",
"product": {
"name": "Unify OpenScape Contact Center \u003c V11 R1.12.0",
"product_id": "T031597",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_contact_center:v11_r1.12.0"
}
}
}
],
"category": "product_name",
"name": "OpenScape Contact Center"
},
{
"category": "product_name",
"name": "Unify OpenScape UC Application \u003c V10 R5.7.0",
"product": {
"name": "Unify OpenScape UC Application \u003c V10 R5.7.0",
"product_id": "T031598",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_uc_application:v10_r5.7.0"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Voice V10",
"product": {
"name": "Unify OpenScape Voice V10",
"product_id": "T031599",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_voice:v10"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Xpert \u003c V7.0.8.4",
"product": {
"name": "Unify OpenScape Xpert \u003c V7.0.8.4",
"product_id": "T031595",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_xpert:v7.0.8.4"
}
}
}
],
"category": "vendor",
"name": "Unify"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5129",
"notes": [
{
"category": "description",
"text": "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine \u00dcberlaufbedingung, die beim Dekodieren bestimmter Streams ausgel\u00f6st wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031599"
]
},
"release_date": "2023-12-11T23:00:00Z",
"title": "CVE-2023-5129"
},
{
"cve": "CVE-2023-4863",
"notes": [
{
"category": "description",
"text": "In Unify OpenScape Produkten existieren mehrere Schwachstellen. In Google WebP (libwebp) besteht der Funktion BuildHuffmanTable() in utils/huffman_utils.c, eine \u00dcberlaufbedingung, die beim Dekodieren bestimmter Streams ausgel\u00f6st wird. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code zur Ausf\u00fchrung zu bringen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031599"
]
},
"release_date": "2023-12-11T23:00:00Z",
"title": "CVE-2023-4863"
}
]
}
ghsa-hhrh-69hc-fgg7
Vulnerability from github
Published
2023-09-25 21:30
Modified
2023-09-25 21:30
Severity
Details
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.
The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.
The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
{
"affected": [],
"aliases": [
"CVE-2023-5129"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-25T21:15:16Z",
"severity": null
},
"details": "With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.\n\nThe ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.\n\nThe kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.\n\n",
"id": "GHSA-hhrh-69hc-fgg7",
"modified": "2023-09-25T21:30:26Z",
"published": "2023-09-25T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2023-5129
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5129",
"id": "GSD-2023-5129"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5129"
],
"details": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863.",
"id": "GSD-2023-5129",
"modified": "2023-12-13T01:20:50.471391Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2023-5129",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": []
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2023-5129"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.\n\nThe ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.\n\nThe kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": []
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"refsource": "MISC",
"tags": [],
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"refsource": "MISC",
"tags": [],
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
}
]
}
},
"impact": {},
"lastModifiedDate": "2023-09-26T12:45Z",
"publishedDate": "2023-09-25T21:15Z"
}
}
}
Loading...