Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-5129 (GCVE-0-2023-5129)
Vulnerability from cvelistv5 – Published: 2023-09-25 20:42 – Updated: 2023-09-27 20:39
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Replaced by CVE-2023-4863
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2023-09-27T20:39:31.615Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u0026nbsp;Duplicate of CVE-2023-4863."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
}
],
"replacedBy": [
"CVE-2023-4863"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5129",
"datePublished": "2023-09-25T20:42:25.119Z",
"dateRejected": "2023-09-27T20:37:35.338Z",
"dateReserved": "2023-09-22T16:08:02.895Z",
"dateUpdated": "2023-09-27T20:39:31.615Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\\u00a0Duplicate of CVE-2023-4863.\"}]",
"id": "CVE-2023-5129",
"lastModified": "2023-11-07T04:23:29.527",
"published": "2023-09-25T21:15:16.667",
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Rejected"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5129\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-09-25T21:15:16.667\",\"lastModified\":\"2023-11-07T04:23:29.527\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863.\"}],\"metrics\":{},\"references\":[]}}"
}
}
CERTFR-2023-AVI-0820
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Elasticsearch | ElasticSearch Fleet Server versions 8.10.x antérieures à 8.10.3 | ||
| Elastic | Elasticsearch | ElasticSearch Kibana versions 8.x.x antérieures à 8.10.3 | ||
| Elastic | Elasticsearch | Elastic Sharepoint Online Python Connector versions antérieures à 8.10.3.0 | ||
| Elastic | Elasticsearch | ElasticSearch Kibana versions 7.x.x antérieures à 7.17.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ElasticSearch Fleet Server versions 8.10.x ant\u00e9rieures \u00e0 8.10.3",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "ElasticSearch Kibana versions 8.x.x ant\u00e9rieures \u00e0 8.10.3",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elastic Sharepoint Online Python Connector versions ant\u00e9rieures \u00e0 8.10.3.0",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "ElasticSearch Kibana versions 7.x.x ant\u00e9rieures \u00e0 7.17.14",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"name": "CVE-2023-5217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344737 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344735 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344732 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732"
}
],
"reference": "CERTFR-2023-AVI-0820",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits ElasticSearch\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ElasticSearch",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344737 du 10 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344735 du 10 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344732 du 10 octobre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0820
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Elasticsearch | ElasticSearch Fleet Server versions 8.10.x antérieures à 8.10.3 | ||
| Elastic | Elasticsearch | ElasticSearch Kibana versions 8.x.x antérieures à 8.10.3 | ||
| Elastic | Elasticsearch | Elastic Sharepoint Online Python Connector versions antérieures à 8.10.3.0 | ||
| Elastic | Elasticsearch | ElasticSearch Kibana versions 7.x.x antérieures à 7.17.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ElasticSearch Fleet Server versions 8.10.x ant\u00e9rieures \u00e0 8.10.3",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "ElasticSearch Kibana versions 8.x.x ant\u00e9rieures \u00e0 8.10.3",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elastic Sharepoint Online Python Connector versions ant\u00e9rieures \u00e0 8.10.3.0",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "ElasticSearch Kibana versions 7.x.x ant\u00e9rieures \u00e0 7.17.14",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"name": "CVE-2023-5217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344737 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344735 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344732 du 10 octobre 2023",
"url": "https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732"
}
],
"reference": "CERTFR-2023-AVI-0820",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits ElasticSearch\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ElasticSearch",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344737 du 10 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344735 du 10 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344732 du 10 octobre 2023",
"url": null
}
]
}
CNVD-2023-73247
Vulnerability from cnvd - Published: 2023-09-27
VLAI Severity ?
Title
Google libwebp开源库远程代码执行漏洞
Description
WebP是Google公司开发的一种图像格式,支持网络图像的有损和无损压缩,其压缩效果和速度较PNG和JPEG格式具有一定优势。libwebp是实现WebP图像格式编解码的C/C++开源库。libwebp通过提供功能函数和系列工具,可将图像数据编码为WebP格式,以及将WebP格式图像进行解码还原。libwebp也可作为依赖库,实现程序对WebP图像格式的支持。libwebp在容器镜像、框架、浏览器、Linux操作系统和应用程序等具有较多应用。
Google libwebp开源库存在远程代码执行漏洞,libwebp的BuildHuffmanTable函数在使用霍夫曼算法(Huffman)对Webp图片进行解码时,由于缺少必要的输入验证,存在内存越界写入缺陷。未经身份认证的攻击者通过制作恶意页面或文件,诱导用户浏览访问执行越界内存写入,实现对目标主机设备的远程任意代码执行或者敏感信息未授权访问。该漏洞在某些环境条件下可被实现零点击利用(0-Click)。
Severity
高
Patch Name
Google libwebp开源库远程代码执行漏洞的补丁
Patch Description
WebP是Google公司开发的一种图像格式,支持网络图像的有损和无损压缩,其压缩效果和速度较PNG和JPEG格式具有一定优势。libwebp是实现WebP图像格式编解码的C/C++开源库。libwebp通过提供功能函数和系列工具,可将图像数据编码为WebP格式,以及将WebP格式图像进行解码还原。libwebp也可作为依赖库,实现程序对WebP图像格式的支持。libwebp在容器镜像、框架、浏览器、Linux操作系统和应用程序等具有较多应用。
Google libwebp开源库存在远程代码执行漏洞,libwebp的BuildHuffmanTable函数在使用霍夫曼算法(Huffman)对Webp图片进行解码时,由于缺少必要的输入验证,存在内存越界写入缺陷。未经身份认证的攻击者通过制作恶意页面或文件,诱导用户浏览访问执行越界内存写入,实现对目标主机设备的远程任意代码执行或者敏感信息未授权访问。该漏洞在某些环境条件下可被实现零点击利用(0-Click)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已陆续发布新版本修复该漏洞,请及时进行版本更新和漏洞修复: https://storage.googleapis.com/downloads.webmproject.org/releases/webp/index.html https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://github.com/electron/electron/pull/39828
Reference
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
https://support.apple.com/en-us/HT213905
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://stackdiary.com/heap-buffer-overflow-in-libwebp-cve-2023-5129/
https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a
Impacted products
| Name | Google libwebp <1.3.2 |
|---|
{
"cves": {
"cve": [
{
"cveNumber": "CVE-2023-5129"
},
{
"cveNumber": "CVE-2023-4863"
}
]
},
"description": "WebP\u662fGoogle\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u79cd\u56fe\u50cf\u683c\u5f0f\uff0c\u652f\u6301\u7f51\u7edc\u56fe\u50cf\u7684\u6709\u635f\u548c\u65e0\u635f\u538b\u7f29\uff0c\u5176\u538b\u7f29\u6548\u679c\u548c\u901f\u5ea6\u8f83PNG\u548cJPEG\u683c\u5f0f\u5177\u6709\u4e00\u5b9a\u4f18\u52bf\u3002libwebp\u662f\u5b9e\u73b0WebP\u56fe\u50cf\u683c\u5f0f\u7f16\u89e3\u7801\u7684C/C++\u5f00\u6e90\u5e93\u3002libwebp\u901a\u8fc7\u63d0\u4f9b\u529f\u80fd\u51fd\u6570\u548c\u7cfb\u5217\u5de5\u5177\uff0c\u53ef\u5c06\u56fe\u50cf\u6570\u636e\u7f16\u7801\u4e3aWebP\u683c\u5f0f\uff0c\u4ee5\u53ca\u5c06WebP\u683c\u5f0f\u56fe\u50cf\u8fdb\u884c\u89e3\u7801\u8fd8\u539f\u3002libwebp\u4e5f\u53ef\u4f5c\u4e3a\u4f9d\u8d56\u5e93\uff0c\u5b9e\u73b0\u7a0b\u5e8f\u5bf9WebP\u56fe\u50cf\u683c\u5f0f\u7684\u652f\u6301\u3002libwebp\u5728\u5bb9\u5668\u955c\u50cf\u3001\u6846\u67b6\u3001\u6d4f\u89c8\u5668\u3001Linux\u64cd\u4f5c\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u7b49\u5177\u6709\u8f83\u591a\u5e94\u7528\u3002\n\nGoogle libwebp\u5f00\u6e90\u5e93\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0clibwebp\u7684BuildHuffmanTable\u51fd\u6570\u5728\u4f7f\u7528\u970d\u592b\u66fc\u7b97\u6cd5\uff08Huffman\uff09\u5bf9Webp\u56fe\u7247\u8fdb\u884c\u89e3\u7801\u65f6\uff0c\u7531\u4e8e\u7f3a\u5c11\u5fc5\u8981\u7684\u8f93\u5165\u9a8c\u8bc1\uff0c\u5b58\u5728\u5185\u5b58\u8d8a\u754c\u5199\u5165\u7f3a\u9677\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u901a\u8fc7\u5236\u4f5c\u6076\u610f\u9875\u9762\u6216\u6587\u4ef6\uff0c\u8bf1\u5bfc\u7528\u6237\u6d4f\u89c8\u8bbf\u95ee\u6267\u884c\u8d8a\u754c\u5185\u5b58\u5199\u5165\uff0c\u5b9e\u73b0\u5bf9\u76ee\u6807\u4e3b\u673a\u8bbe\u5907\u7684\u8fdc\u7a0b\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6216\u8005\u654f\u611f\u4fe1\u606f\u672a\u6388\u6743\u8bbf\u95ee\u3002\u8be5\u6f0f\u6d1e\u5728\u67d0\u4e9b\u73af\u5883\u6761\u4ef6\u4e0b\u53ef\u88ab\u5b9e\u73b0\u96f6\u70b9\u51fb\u5229\u7528\uff080-Click\uff09\u3002",
"formalWay": "\u5382\u5546\u5df2\u9646\u7eed\u53d1\u5e03\u65b0\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u8bf7\u53ca\u65f6\u8fdb\u884c\u7248\u672c\u66f4\u65b0\u548c\u6f0f\u6d1e\u4fee\u590d\uff1a\r\nhttps://storage.googleapis.com/downloads.webmproject.org/releases/webp/index.html\r\nhttps://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\r\nhttps://github.com/electron/electron/pull/39828",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-73247",
"openTime": "2023-09-27",
"patchDescription": "WebP\u662fGoogle\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u79cd\u56fe\u50cf\u683c\u5f0f\uff0c\u652f\u6301\u7f51\u7edc\u56fe\u50cf\u7684\u6709\u635f\u548c\u65e0\u635f\u538b\u7f29\uff0c\u5176\u538b\u7f29\u6548\u679c\u548c\u901f\u5ea6\u8f83PNG\u548cJPEG\u683c\u5f0f\u5177\u6709\u4e00\u5b9a\u4f18\u52bf\u3002libwebp\u662f\u5b9e\u73b0WebP\u56fe\u50cf\u683c\u5f0f\u7f16\u89e3\u7801\u7684C/C++\u5f00\u6e90\u5e93\u3002libwebp\u901a\u8fc7\u63d0\u4f9b\u529f\u80fd\u51fd\u6570\u548c\u7cfb\u5217\u5de5\u5177\uff0c\u53ef\u5c06\u56fe\u50cf\u6570\u636e\u7f16\u7801\u4e3aWebP\u683c\u5f0f\uff0c\u4ee5\u53ca\u5c06WebP\u683c\u5f0f\u56fe\u50cf\u8fdb\u884c\u89e3\u7801\u8fd8\u539f\u3002libwebp\u4e5f\u53ef\u4f5c\u4e3a\u4f9d\u8d56\u5e93\uff0c\u5b9e\u73b0\u7a0b\u5e8f\u5bf9WebP\u56fe\u50cf\u683c\u5f0f\u7684\u652f\u6301\u3002libwebp\u5728\u5bb9\u5668\u955c\u50cf\u3001\u6846\u67b6\u3001\u6d4f\u89c8\u5668\u3001Linux\u64cd\u4f5c\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u7b49\u5177\u6709\u8f83\u591a\u5e94\u7528\u3002\r\n\r\nGoogle libwebp\u5f00\u6e90\u5e93\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0clibwebp\u7684BuildHuffmanTable\u51fd\u6570\u5728\u4f7f\u7528\u970d\u592b\u66fc\u7b97\u6cd5\uff08Huffman\uff09\u5bf9Webp\u56fe\u7247\u8fdb\u884c\u89e3\u7801\u65f6\uff0c\u7531\u4e8e\u7f3a\u5c11\u5fc5\u8981\u7684\u8f93\u5165\u9a8c\u8bc1\uff0c\u5b58\u5728\u5185\u5b58\u8d8a\u754c\u5199\u5165\u7f3a\u9677\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u901a\u8fc7\u5236\u4f5c\u6076\u610f\u9875\u9762\u6216\u6587\u4ef6\uff0c\u8bf1\u5bfc\u7528\u6237\u6d4f\u89c8\u8bbf\u95ee\u6267\u884c\u8d8a\u754c\u5185\u5b58\u5199\u5165\uff0c\u5b9e\u73b0\u5bf9\u76ee\u6807\u4e3b\u673a\u8bbe\u5907\u7684\u8fdc\u7a0b\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6216\u8005\u654f\u611f\u4fe1\u606f\u672a\u6388\u6743\u8bbf\u95ee\u3002\u8be5\u6f0f\u6d1e\u5728\u67d0\u4e9b\u73af\u5883\u6761\u4ef6\u4e0b\u53ef\u88ab\u5b9e\u73b0\u96f6\u70b9\u51fb\u5229\u7528\uff080-Click\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google libwebp\u5f00\u6e90\u5e93\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Google libwebp \u003c1.3.2"
},
"referenceLink": "https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/\r\nhttps://support.apple.com/en-us/HT213905\r\nhttps://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\r\nhttps://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/\r\nhttps://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\r\nhttps://stackdiary.com/heap-buffer-overflow-in-libwebp-cve-2023-5129/\r\nhttps://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76\r\nhttps://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"serverity": "\u9ad8",
"submitTime": "2023-09-27",
"title": "Google libwebp\u5f00\u6e90\u5e93\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2023-5129
Vulnerability from fkie_nvd - Published: 2023-09-25 21:15 - Updated: 2023-11-07 04:23
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
}
],
"id": "CVE-2023-5129",
"lastModified": "2023-11-07T04:23:29.527",
"metrics": {},
"published": "2023-09-25T21:15:16.667",
"references": [],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Rejected"
}
GHSA-HHRH-69HC-FGG7
Vulnerability from github – Published: 2023-09-25 21:30 – Updated: 2023-09-25 21:30
VLAI?
Details
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.
The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.
The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
Severity ?
10.0 (Critical)
{
"affected": [],
"aliases": [
"CVE-2023-5129"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-25T21:15:16Z",
"severity": null
},
"details": "With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.\n\nThe ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.\n\nThe kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.\n\n",
"id": "GHSA-hhrh-69hc-fgg7",
"modified": "2023-09-25T21:30:26Z",
"published": "2023-09-25T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"type": "WEB",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-5129
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5129",
"id": "GSD-2023-5129"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5129"
],
"details": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863.",
"id": "GSD-2023-5129",
"modified": "2023-12-13T01:20:50.471391Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2023-5129",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u00a0Duplicate of CVE-2023-4863."
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": []
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2023-5129"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.\n\nThe ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.\n\nThe kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": []
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"refsource": "MISC",
"tags": [],
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"refsource": "MISC",
"tags": [],
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
}
]
}
},
"impact": {},
"lastModifiedDate": "2023-09-26T12:45Z",
"publishedDate": "2023-09-25T21:15Z"
}
}
}
OPENSUSE-SU-2024:13304-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cargo-audit-advisory-db-20231007-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: cargo-audit-advisory-db-20231007-1.1 on GA media
Description of the patch: These are all security issues fixed in the cargo-audit-advisory-db-20231007-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13304
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-audit-advisory-db-20231007-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-audit-advisory-db-20231007-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13304",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13304-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5129 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5129/"
}
],
"title": "cargo-audit-advisory-db-20231007-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13304-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20231007-1.1.aarch64",
"product": {
"name": "cargo-audit-advisory-db-20231007-1.1.aarch64",
"product_id": "cargo-audit-advisory-db-20231007-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20231007-1.1.ppc64le",
"product": {
"name": "cargo-audit-advisory-db-20231007-1.1.ppc64le",
"product_id": "cargo-audit-advisory-db-20231007-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20231007-1.1.s390x",
"product": {
"name": "cargo-audit-advisory-db-20231007-1.1.s390x",
"product_id": "cargo-audit-advisory-db-20231007-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20231007-1.1.x86_64",
"product": {
"name": "cargo-audit-advisory-db-20231007-1.1.x86_64",
"product_id": "cargo-audit-advisory-db-20231007-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20231007-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.aarch64"
},
"product_reference": "cargo-audit-advisory-db-20231007-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20231007-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.ppc64le"
},
"product_reference": "cargo-audit-advisory-db-20231007-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20231007-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.s390x"
},
"product_reference": "cargo-audit-advisory-db-20231007-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20231007-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.x86_64"
},
"product_reference": "cargo-audit-advisory-db-20231007-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5129"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5129",
"url": "https://www.suse.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "SUSE Bug 1215715 for CVE-2023-5129",
"url": "https://bugzilla.suse.com/1215715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20231007-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5129"
}
]
}
RHSA-2023:5183
Vulnerability from csaf_redhat - Published: 2023-09-18 13:34 - Updated: 2026-03-18 02:25Summary
Red Hat Security Advisory: firefox security update
Severity
Important
Notes
Topic: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
9.6 (Critical)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
0.0 (None)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64 | — |
Vendor Fix
fix
|
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5183",
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5183.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-03-18T02:25:32+00:00",
"generator": {
"date": "2026-03-18T02:25:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:5183",
"initial_release_date": "2023-09-18T13:34:55+00:00",
"revision_history": [
{
"date": "2023-09-18T13:34:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:34:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:25:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.src",
"product_id": "firefox-0:102.15.1-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:34:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:34:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.15.1-1.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.15.1-1.el8_1.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
RHSA-2023:5184
Vulnerability from csaf_redhat - Published: 2023-09-18 13:37 - Updated: 2026-03-18 02:25Summary
Red Hat Security Advisory: firefox security update
Severity
Important
Notes
Topic: An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.1 ESR.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
9.6 (Critical)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
0.0 (None)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64 | — |
Vendor Fix
fix
|
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.15.1 ESR.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5184",
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5184.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-03-18T02:25:32+00:00",
"generator": {
"date": "2026-03-18T02:25:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:5184",
"initial_release_date": "2023-09-18T13:37:09+00:00",
"revision_history": [
{
"date": "2023-09-18T13:37:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:37:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:25:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.src",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.src",
"product_id": "firefox-0:102.15.1-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.15.1-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_id": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.15.1-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
},
"product_reference": "firefox-debugsource-0:102.15.1-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:37:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.15.1-1.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.15.1-1.el8_8.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
RHSA-2023:5185
Vulnerability from csaf_redhat - Published: 2023-09-18 13:34 - Updated: 2026-03-18 02:25Summary
Red Hat Security Advisory: thunderbird security update
Severity
Important
Notes
Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.1.
Security Fix(es):
* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
9.6 (Critical)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
0.0 (None)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 | — |
Vendor Fix
fix
|
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.15.1.\n\nSecurity Fix(es):\n\n* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5185",
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5185.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2026-03-18T02:25:34+00:00",
"generator": {
"date": "2026-03-18T02:25:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:5185",
"initial_release_date": "2023-09-18T13:34:00+00:00",
"revision_history": [
{
"date": "2023-09-18T13:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T13:34:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:25:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.src",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.src",
"product_id": "thunderbird-0:102.15.1-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.15.1-1.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_id": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.15.1-1.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238431"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: Heap buffer overflow in WebP Codec",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\n\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "RHBZ#2238431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html",
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"
},
{
"category": "external",
"summary": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:34:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-09-13T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: Heap buffer overflow in WebP Codec"
},
{
"cve": "CVE-2023-5129",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240759"
}
],
"notes": [
{
"category": "description",
"text": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: out-of-bounds write with a specially crafted WebP lossless file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5129"
},
{
"category": "external",
"summary": "RHBZ#2240759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76",
"url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76"
},
{
"category": "external",
"summary": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a",
"url": "https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
}
],
"release_date": "2023-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T13:34:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5185"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.15.1-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.15.1-1.el8_4.x86_64"
]
}
],
"title": "libwebp: out-of-bounds write with a specially crafted WebP lossless file"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…