CVE-2023-4863

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://crbug.com/1479274", "name": "https://crbug.com/1479274", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", "name": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2023-4863", "name": "https://security-tracker.debian.org/tracker/CVE-2023-4863", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", "name": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", "name": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", "name": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://en.bandisoft.com/honeyview/history/", "name": "https://en.bandisoft.com/honeyview/history/", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://news.ycombinator.com/item?id=37478403", "name": "https://news.ycombinator.com/item?id=37478403", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.debian.org/security/2023/dsa-5496", "name": "https://www.debian.org/security/2023/dsa-5496", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.debian.org/security/2023/dsa-5497", "name": "https://www.debian.org/security/2023/dsa-5497", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.debian.org/security/2023/dsa-5498", "name": "https://www.debian.org/security/2023/dsa-5498", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://security.gentoo.org/glsa/202309-05", "name": "https://security.gentoo.org/glsa/202309-05", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "name": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", "name": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", "tags": ["Release Notes"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/21/4", "name": "http://www.openwall.com/lists/oss-security/2023/09/21/4", "tags": [], "refsource": "MISC"}, {"url": "https://blog.isosceles.com/the-webp-0day/", "name": "https://blog.isosceles.com/the-webp-0day/", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/1", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/1", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/3", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/3", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/4", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/4", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/5", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/5", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/7", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/7", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/8", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/8", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/22/6", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/6", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/26/1", "name": "http://www.openwall.com/lists/oss-security/2023/09/26/1", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/26/7", "name": "http://www.openwall.com/lists/oss-security/2023/09/26/7", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/1", "name": "http://www.openwall.com/lists/oss-security/2023/09/28/1", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/2", "name": "http://www.openwall.com/lists/oss-security/2023/09/28/2", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/4", "name": "http://www.openwall.com/lists/oss-security/2023/09/28/4", "tags": [], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20230929-0011/", "name": "https://security.netapp.com/advisory/ntap-20230929-0011/", "tags": [], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "tags": [], "refsource": "MISC"}, {"url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", "name": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", "tags": [], "refsource": "MISC"}, {"url": "https://www.bentley.com/advisories/be-2023-0001/", "name": "https://www.bentley.com/advisories/be-2023-0001/", "tags": [], "refsource": "MISC"}, {"url": "https://security.gentoo.org/glsa/202401-10", "name": "https://security.gentoo.org/glsa/202401-10", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-4863", "ASSIGNER": "chrome-cve-admin@google.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2023-09-12T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "116.0.5845.187"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "117.0.1"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "102.15.1"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "102.15.1"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "115.2.2", "versionStartIncluding": "115.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "115.2.1", "versionStartIncluding": "115.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "117.0.2045.31"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-01-07T11:15Z"}