{"api_version":"1","generated_at":"2026-04-22T21:38:50+00:00","cve":"CVE-2023-4863","urls":{"html":"https://cve.report/CVE-2023-4863","api":"https://cve.report/api/cve/CVE-2023-4863.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4863","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"},"summary":{"title":"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability","description":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and in libwebp prior to 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. (Chromium security severity: Critical)","state":"PUBLIC","assigner":"chrome-cve-admin@google.com","published_at":"2023-09-12 15:15:00","updated_at":"2024-01-07 11:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/09/26/7","name":"http://www.openwall.com/lists/oss-security/2023/09/26/7","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231","name":"https://bugzilla.suse.com/show_bug.cgi?id=1215231","refsource":"MISC","tags":[],"title":"1215231 – (CVE-2023-4863) VUL-0: CVE-2023-4863: libwebp,MozillaFirefox,MozillaThunderbird,chromium,ungoogled-chromium: Heap buffer overflow in WebP","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","name":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","refsource":"MISC","tags":["Third Party Advisory"],"title":"Whose CVE Is It Anyway? 
- Adam Caudill","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","name":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","refsource":"MISC","tags":[],"title":"Critical WebP bug: many apps, not just browsers, under threat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://crbug.com/1479274","name":"https://crbug.com/1479274","refsource":"MISC","tags":[],"title":"1479274 - \n \n \n chromium -\n \n \n An open-source project to help move the web forward. - \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5497","name":"https://www.debian.org/security/2023/dsa-5497","refsource":"MISC","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5497-1 libwebp","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/4","name":"http://www.openwall.com/lists/oss-security/2023/09/22/4","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 38 Update: chromium-117.0.5938.62-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/3","name":"http://www.openwall.com/lists/oss-security/2023/09/22/3","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: 
libwebp: Heap buffer overflow in WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3569-1] thunderbird security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","name":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","refsource":"MISC","tags":[],"title":"Google fixes another Chrome zero-day bug exploited in attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/8","name":"http://www.openwall.com/lists/oss-security/2023/09/22/8","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-10","name":"https://security.gentoo.org/glsa/202401-10","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3568-1] firefox-esr security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5496","name":"https://www.debian.org/security/2023/dsa-5496","refsource":"MISC","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5496-1 
firefox-esr","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2","name":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2","refsource":"MISC","tags":["Release Notes"],"title":"Release v1.3.2: libwebp-1.3.2 · webmproject/libwebp · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://news.ycombinator.com/item?id=37478403","name":"https://news.ycombinator.com/item?id=37478403","refsource":"MISC","tags":[],"title":"Chrome: Heap buffer overflow in WebP | Hacker News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/7","name":"http://www.openwall.com/lists/oss-security/2023/09/22/7","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/4","name":"http://www.openwall.com/lists/oss-security/2023/09/28/4","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/5","name":"http://www.openwall.com/lists/oss-security/2023/09/22/5","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer 
overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","name":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","refsource":"MISC","tags":[],"title":"Fix OOB write in BuildHuffmanTable. · webmproject/libwebp@902bc91 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20230929-0011/","name":"https://security.netapp.com/advisory/ntap-20230929-0011/","refsource":"MISC","tags":[],"title":"CVE-2023-4863 Libwebp Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/1","name":"http://www.openwall.com/lists/oss-security/2023/09/28/1","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security-tracker.debian.org/tracker/CVE-2023-4863","name":"https://security-tracker.debian.org/tracker/CVE-2023-4863","refsource":"MISC","tags":[],"title":"CVE-2023-4863","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","name":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","refsource":"MISC","tags":[],"title":"Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","name":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","refsource":"MISC","tags":[],"title":"Patching the libwebp vulnerability across the Python 
ecosystem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 38 Update: libwebp-1.3.1-3.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://blog.isosceles.com/the-webp-0day/","name":"https://blog.isosceles.com/the-webp-0day/","refsource":"MISC","tags":[],"title":"The WebP 0day","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/26/1","name":"http://www.openwall.com/lists/oss-security/2023/09/26/1","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/2","name":"http://www.openwall.com/lists/oss-security/2023/09/28/2","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP 
Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/21/4","name":"http://www.openwall.com/lists/oss-security/2023/09/21/4","refsource":"MISC","tags":[],"title":"oss-security - CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/1","name":"http://www.openwall.com/lists/oss-security/2023/09/22/1","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://en.bandisoft.com/honeyview/history/","name":"https://en.bandisoft.com/honeyview/history/","refsource":"MISC","tags":[],"title":"Honeyview - Version history, Changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/6","name":"http://www.openwall.com/lists/oss-security/2023/09/22/6","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","name":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","refsource":"MISC","tags":[],"title":"Security Update Guide - Microsoft Security Response Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3570-1] libwebp security 
update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.bentley.com/advisories/be-2023-0001/","name":"https://www.bentley.com/advisories/be-2023-0001/","refsource":"MISC","tags":[],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: chromium-117.0.5938.88-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 39 Update: firefox-117.0.1-2.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202309-05","name":"https://security.gentoo.org/glsa/202309-05","refsource":"MISC","tags":["Third Party Advisory"],"title":"WebP: Multiple vulnerabilities (GLSA 202309-05) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5498","name":"https://www.debian.org/security/2023/dsa-5498","refsource":"MISC","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5498-1 
thunderbird","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: chromium-117.0.5938.132-2.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","name":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","refsource":"MISC","tags":[],"title":"Chrome Releases: Stable Channel Update for Desktop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4863","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cp
e4":"microsoft","cpe5":"edge","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4863","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmproject","cpe5":"libwebp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"4863","cve":"CVE-2023-4863","vendorProject":"Google","product":"Chromium WebP","vulnerabilityName":"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability","dateAdded":"2023-09-13","shortDescription":"Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. 
This vulnerability can affect applications that use the WebP Codec.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2023-10-04","knownRansomwareCampaignUse":"Unknown","notes":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863","cwes":"CWE-787","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2023","cve_id":"4863","cve":"CVE-2023-4863","epss":"0.941170000","percentile":"0.999110000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:42"},"legacy_qids":[{"cve":"CVE-2023-4863","qid":"160919","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-5184)"},{"cve":"CVE-2023-4863","qid":"160920","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-5197)"},{"cve":"CVE-2023-4863","qid":"160922","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-5200)"},{"cve":"CVE-2023-4863","qid":"160923","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-5191)"},{"cve":"CVE-2023-4863","qid":"160925","title":"Oracle Enterprise Linux Security Update for libwebp (ELSA-2023-5214)"},{"cve":"CVE-2023-4863","qid":"160926","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-5224)"},{"cve":"CVE-2023-4863","qid":"160928","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-5201)"},{"cve":"CVE-2023-4863","qid":"160931","title":"Oracle Enterprise Linux Security Update for libwebp (ELSA-2023-5309)"},{"cve":"CVE-2023-4863","qid":"199748","title":"Ubuntu Security Notification for Firefox Vulnerability (USN-6367-1)"},{"cve":"CVE-2023-4863","qid":"199749","title":"Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-6368-1)"},{"cve":"CVE-2023-4863","qid":"199753","title":"Ubuntu Security Notification for libwebp Vulnerability 
(USN-6369-1)"},{"cve":"CVE-2023-4863","qid":"199790","title":"Ubuntu Security Notification for libwebp Vulnerability (USN-6369-2)"},{"cve":"CVE-2023-4863","qid":"242035","title":"Red Hat Update for libwebp (RHSA-2023:5190)"},{"cve":"CVE-2023-4863","qid":"242036","title":"Red Hat Update for firefox (RHSA-2023:5205)"},{"cve":"CVE-2023-4863","qid":"242037","title":"Red Hat Update for firefox (RHSA-2023:5183)"},{"cve":"CVE-2023-4863","qid":"242038","title":"Red Hat Update for thunderbird (RHSA-2023:5202)"},{"cve":"CVE-2023-4863","qid":"242039","title":"Red Hat Update for thunderbird (RHSA-2023:5188)"},{"cve":"CVE-2023-4863","qid":"242042","title":"Red Hat Update for firefox (RHSA-2023:5198)"},{"cve":"CVE-2023-4863","qid":"242043","title":"Red Hat Update for thunderbird (RHSA-2023:5185)"},{"cve":"CVE-2023-4863","qid":"242044","title":"Red Hat Update for firefox (RHSA-2023:5200)"},{"cve":"CVE-2023-4863","qid":"242046","title":"Red Hat Update for libwebp (RHSA-2023:5189)"},{"cve":"CVE-2023-4863","qid":"242047","title":"Red Hat Update for firefox (RHSA-2023:5192)"},{"cve":"CVE-2023-4863","qid":"242048","title":"Red Hat Update for firefox (RHSA-2023:5197)"},{"cve":"CVE-2023-4863","qid":"242049","title":"Red Hat Update for libwebp (RHSA-2023:5204)"},{"cve":"CVE-2023-4863","qid":"242051","title":"Red Hat Update for thunderbird (RHSA-2023:5201)"},{"cve":"CVE-2023-4863","qid":"242052","title":"Red Hat Update for thunderbird (RHSA-2023:5191)"},{"cve":"CVE-2023-4863","qid":"242053","title":"Red Hat Update for thunderbird (RHSA-2023:5186)"},{"cve":"CVE-2023-4863","qid":"242054","title":"Red Hat Update for firefox (RHSA-2023:5184)"},{"cve":"CVE-2023-4863","qid":"242055","title":"Red Hat Update for firefox (RHSA-2023:5187)"},{"cve":"CVE-2023-4863","qid":"242057","title":"Red Hat Update for thunderbird (RHSA-2023:5223)"},{"cve":"CVE-2023-4863","qid":"242059","title":"Red Hat Update for thunderbird (RHSA-2023:5224)"},{"cve":"CVE-2023-4863","qid":"242061","title":"Red Hat Update for 
libwebp (RHSA-2023:5214)"},{"cve":"CVE-2023-4863","qid":"242072","title":"Red Hat Update for libwebp: Critical (RHSA-2023:5236)"},{"cve":"CVE-2023-4863","qid":"242079","title":"Red Hat Update for libwebp (RHSA-2023:5309)"},{"cve":"CVE-2023-4863","qid":"242125","title":"Red Hat Update for libwebp (RHSA-2023:5222)"},{"cve":"CVE-2023-4863","qid":"284510","title":"Fedora Security Update for libwebp (FEDORA-2023-c4fa8a204d)"},{"cve":"CVE-2023-4863","qid":"284515","title":"Fedora Security Update for libwebp (FEDORA-2023-3388038193)"},{"cve":"CVE-2023-4863","qid":"284523","title":"Fedora Security Update for chromium (FEDORA-2023-3bfb63f6d2)"},{"cve":"CVE-2023-4863","qid":"284530","title":"Fedora Security Update for chromium (FEDORA-2023-b427f54e68)"},{"cve":"CVE-2023-4863","qid":"285232","title":"Fedora Security Update for chromium (FEDORA-2023-c890266d3f)"},{"cve":"CVE-2023-4863","qid":"285255","title":"Fedora Security Update for firefox (FEDORA-2023-6bdc468df7)"},{"cve":"CVE-2023-4863","qid":"285260","title":"Fedora Security Update for libwebp (FEDORA-2023-f8319bd876)"},{"cve":"CVE-2023-4863","qid":"296105","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)"},{"cve":"CVE-2023-4863","qid":"296107","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 65.157.1 Missing (CPUJAN2024)"},{"cve":"CVE-2023-4863","qid":"356378","title":"Amazon Linux Security Advisory for libwebp : ALAS2023-2023-355"},{"cve":"CVE-2023-4863","qid":"356381","title":"Amazon Linux Security Advisory for libwebp : ALAS2023-2023-358"},{"cve":"CVE-2023-4863","qid":"356426","title":"Amazon Linux Security Advisory for libwebp12 : ALAS2-2023-2290"},{"cve":"CVE-2023-4863","qid":"356442","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2023-2291"},{"cve":"CVE-2023-4863","qid":"356602","title":"Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-015"},{"cve":"CVE-2023-4863","qid":"356734","title":"Amazon Linux Security Advisory for 
qt5-qtimageformats : ALAS2-2023-2337"},{"cve":"CVE-2023-4863","qid":"378893","title":"Alibaba Cloud Linux Security Update for libwebp (ALINUX3-SA-2023:0115)"},{"cve":"CVE-2023-4863","qid":"378941","title":"Microsoft Teams Heap Buffer Overflow Vulnerability for Sep 2023"},{"cve":"CVE-2023-4863","qid":"379055","title":"Opera Browser 102.0.4880.51 Stable Update"},{"cve":"CVE-2023-4863","qid":"379057","title":"Vivaldi Desktop Browser 6.2 Update"},{"cve":"CVE-2023-4863","qid":"379059","title":"Brave Browser v1.57.64 (Chromium 116.0.5845.188) Update"},{"cve":"CVE-2023-4863","qid":"503311","title":"Alpine Linux Security Update for libwebp"},{"cve":"CVE-2023-4863","qid":"503312","title":"Alpine Linux Security Update for libwebp"},{"cve":"CVE-2023-4863","qid":"503313","title":"Alpine Linux Security Update for libwebp"},{"cve":"CVE-2023-4863","qid":"503314","title":"Alpine Linux Security Update for libwebp"},{"cve":"CVE-2023-4863","qid":"503315","title":"Alpine Linux Security Update for qt5-qtimageformats"},{"cve":"CVE-2023-4863","qid":"503461","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-4863","qid":"505723","title":"Alpine Linux Security Update for chromium"},{"cve":"CVE-2023-4863","qid":"505890","title":"Alpine Linux Security Update for libwebp"},{"cve":"CVE-2023-4863","qid":"506069","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-4863","qid":"506184","title":"Alpine Linux Security Update for qt5-qtimageformats"},{"cve":"CVE-2023-4863","qid":"506201","title":"Alpine Linux Security Update for qt5-qtwebengine"},{"cve":"CVE-2023-4863","qid":"6000011","title":"Debian Security Update for firefox-esr (DLA 3568-1)"},{"cve":"CVE-2023-4863","qid":"6000012","title":"Debian Security Update for thunderbird (DLA 3569-1)"},{"cve":"CVE-2023-4863","qid":"6000013","title":"Debian Security Update for libwebp (DLA 3570-1)"},{"cve":"CVE-2023-4863","qid":"6000175","title":"Debian Security Update for libwebp (DSA 
5497-2)"},{"cve":"CVE-2023-4863","qid":"6000184","title":"Debian Security Update for thunderbird (DSA 5498-1)"},{"cve":"CVE-2023-4863","qid":"6000205","title":"Debian Security Update for firefox-esr (DSA 5496-1)"},{"cve":"CVE-2023-4863","qid":"6000230","title":"Debian Security Update for libwebp (DSA 5497-1)"},{"cve":"CVE-2023-4863","qid":"610513","title":"Google Android Devices October 2023 Security Patch Missing"},{"cve":"CVE-2023-4863","qid":"610519","title":"Google Android November 2023 Security Patch Missing for Samsung"},{"cve":"CVE-2023-4863","qid":"610520","title":"Google Android November 2023 Security Patch Missing for Huawei EMUI"},{"cve":"CVE-2023-4863","qid":"673445","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3276)"},{"cve":"CVE-2023-4863","qid":"673462","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3309)"},{"cve":"CVE-2023-4863","qid":"673537","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3186)"},{"cve":"CVE-2023-4863","qid":"673835","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3248)"},{"cve":"CVE-2023-4863","qid":"673866","title":"EulerOS Security Update for libwebp (EulerOS-SA-2024-1149)"},{"cve":"CVE-2023-4863","qid":"673882","title":"EulerOS Security Update for libwebp (EulerOS-SA-2024-1280)"},{"cve":"CVE-2023-4863","qid":"673928","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3341)"},{"cve":"CVE-2023-4863","qid":"674031","title":"EulerOS Security Update for libwebp (EulerOS-SA-2023-3221)"},{"cve":"CVE-2023-4863","qid":"691303","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for libwebp heap buffer overflow (58a738d4-57af-11ee-8c58-b42e991fc52e)"},{"cve":"CVE-2023-4863","qid":"691304","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for graphics/webp heap buffer overflow (4fd7a2fc-5860-11ee-a1b3-dca632daf43b)"},{"cve":"CVE-2023-4863","qid":"710750","title":"Gentoo Linux WebP Multiple Vulnerabilities (GLSA 
202309-05)"},{"cve":"CVE-2023-4863","qid":"710830","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202401-10)"},{"cve":"CVE-2023-4863","qid":"754836","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:3610-1)"},{"cve":"CVE-2023-4863","qid":"754837","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:3609-1)"},{"cve":"CVE-2023-4863","qid":"754843","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:3626-1)"},{"cve":"CVE-2023-4863","qid":"754850","title":"SUSE Enterprise Linux Security Update for libwebp (SUSE-SU-2023:3634-1)"},{"cve":"CVE-2023-4863","qid":"754862","title":"SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2023:3664-1)"},{"cve":"CVE-2023-4863","qid":"754932","title":"SUSE Enterprise Linux Security Update for libwebp (SUSE-SU-2023:3794-1)"},{"cve":"CVE-2023-4863","qid":"754961","title":"SUSE Enterprise Linux Security Update for libwebp (SUSE-SU-2023:3829-1)"},{"cve":"CVE-2023-4863","qid":"907357","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libwebp (29758-1)"},{"cve":"CVE-2023-4863","qid":"941259","title":"AlmaLinux Security Update for libwebp (ALSA-2023:5309)"},{"cve":"CVE-2023-4863","qid":"941263","title":"AlmaLinux Security Update for firefox (ALSA-2023:5184)"},{"cve":"CVE-2023-4863","qid":"941265","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:5201)"},{"cve":"CVE-2023-4863","qid":"941267","title":"AlmaLinux Security Update for libwebp (ALSA-2023:5214)"},{"cve":"CVE-2023-4863","qid":"941268","title":"AlmaLinux Security Update for firefox (ALSA-2023:5200)"},{"cve":"CVE-2023-4863","qid":"941269","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:5224)"},{"cve":"CVE-2023-4863","qid":"961016","title":"Rocky Linux Security Update for firefox (RLSA-2023:5184)"},{"cve":"CVE-2023-4863","qid":"961020","title":"Rocky Linux Security Update for libwebp 
(RLSA-2023:5309)"},{"cve":"CVE-2023-4863","qid":"961034","title":"Rocky Linux Security Update for libwebp (RLSA-2023:5214)"},{"cve":"CVE-2023-4863","qid":"961036","title":"Rocky Linux Security Update for thunderbird (RLSA-2023:5201)"},{"cve":"CVE-2023-4863","qid":"995285","title":"Rust (Rust) Security Update for libwebp-sys2 (GHSA-j7hp-h8jx-5ppr)"},{"cve":"CVE-2023-4863","qid":"995301","title":"NodeJs (Npm) Security Update for electron (GHSA-j7hp-h8jx-5ppr)"},{"cve":"CVE-2023-4863","qid":"995331","title":"GO (Go) Security Update for github.com/chai2010/webp (GHSA-j7hp-h8jx-5ppr)"},{"cve":"CVE-2023-4863","qid":"995350","title":"DotNet (Nuget) Security Update for SkiaSharp (GHSA-j7hp-h8jx-5ppr)"},{"cve":"CVE-2023-4863","qid":"995498","title":"Python (Pip) Security Update for Pillow (GHSA-j7hp-h8jx-5ppr)"},{"cve":"CVE-2023-4863","qid":"995522","title":"Python (Pip) Security Update for pillow (GHSA-56pw-mpj4-fxww)"},{"cve":"CVE-2023-4863","qid":"995523","title":"Python (Pip) Security Update for imagecodecs (GHSA-94vc-p8w7-5p49)"},{"cve":"CVE-2023-4863","qid":"995537","title":"DotNet (Nuget) Security Update for ImageResizer.Plugins.FreeImage (GHSA-wqcr-xm43-hpqr)"},{"cve":"CVE-2023-4863","qid":"995538","title":"Python (Pip) Security Update for webp (GHSA-f9pm-4g9p-6vm3)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4863","ASSIGNER":"chrome-cve-admin@google.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Critical)"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap buffer overflow"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Google","product":{"product_data":[{"product_name":"Chrome","version":{"version_data":[{"version_affected":"<","version_name":"116.0.5845.187","version_value":"116.0.5845.187"}]}},{"product_name":"libwebp","version":{"version_data":[{"version_affected":"<","version_name":"1.3.2","version_value":"1.3.2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","refsource":"MISC","name":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"},{"url":"https://crbug.com/1479274","refsource":"MISC","name":"https://crbug.com/1479274"},{"url":"https://en.bandisoft.com/honeyview/history/","refsource":"MISC","name":"https://en.bandisoft.com/honeyview/history/"},{"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","refsource":"MISC","name":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"},{"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","refsource":"MISC","name":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"},{"url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","refsource":"MISC","name":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","refsource":"MISC","name":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"},{"url":"https://security-tracker.debian.org/tracker/CVE-2023-4863","refsource":"MISC","name":"https://security-tracker.debian.org/tracker/CVE-2023-4863"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1215231"
},{"url":"https://news.ycombinator.com/item?id=37478403","refsource":"MISC","name":"https://news.ycombinator.com/item?id=37478403"},{"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","refsource":"MISC","name":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"},{"url":"https://www.debian.org/security/2023/dsa-5496","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5496"},{"url":"https://www.debian.org/security/2023/dsa-5497","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5497"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
},{"url":"https://www.debian.org/security/2023/dsa-5498","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5498"},{"url":"https://security.gentoo.org/glsa/202309-05","refsource":"MISC","name":"https://security.gentoo.org/glsa/202309-05"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"},{"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","refsource":"MISC","name":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"},{"url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2","refsource":"MISC","name":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/21/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/21/4"},{"url":"https://blog.isosceles.com/the-webp-0day/","refsource":"MISC","name":"https://blog.isosceles.com/the-webp-0day/"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/1"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/3","refsourc
e":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/3"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/4"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/5","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/5"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/8","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/8"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/7","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/7"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/22/6","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/22/6"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/26/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/26/1"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/26/7","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/26/7"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/1"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/2","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/2"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/4"},{"url":"https://security.netapp.com/advisory/ntap-20230929-0011/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20230929-0011/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7
ZLM2S2IH4Y4KZ327LI4I/"},{"url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","refsource":"MISC","name":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"},{"url":"https://www.bentley.com/advisories/be-2023-0001/","refsource":"MISC","name":"https://www.bentley.com/advisories/be-2023-0001/"}]}},"nvd":{"publishedDate":"2023-09-12 15:15:00","lastModifiedDate":"2024-01-07 11:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"116.0.5845.187","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"117.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*
:*","versionEndExcluding":"102.15.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"102.15.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionStartIncluding":"115.0","versionEndExcluding":"115.2.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionStartIncluding":"115.0","versionEndExcluding":"115.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*","versionEndExcluding":"117.0.2045.31","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}