Is CefSharp affected by the security vulnerabilites CVE-2023-4863, CVE-2023-5217 #4601

daveMueller · 2023-10-09T10:36:16Z

daveMueller
Oct 9, 2023

Hi guys,

as we use CefSharp in one of our products it would be great if somebody could tell me if the library is also affected by the security vulnerabilities CVE-2023-4863, CVE-2023-5217.

https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Thanks a lot for any info ☺️.

Answered by campersau

Oct 9, 2023

Looks like it is, see "Security" Tab:
GHSA-j646-gj5p-p45g
GHSA-4c29-gfrp-g6x9

View full answer

campersau · 2023-10-09T10:48:45Z

campersau
Oct 9, 2023

Looks like it is, see "Security" Tab:
GHSA-j646-gj5p-p45g
GHSA-4c29-gfrp-g6x9

0 replies

daveMueller · 2023-10-09T14:38:10Z

daveMueller
Oct 9, 2023
Author

Thanks a lot for the quick feedback 🙏 . As far as I understand the issue seems to fixed in the newest versions of libvpx and libwebp. Does anybody know if a fix for CEF and CefSharp is already planned?

2 replies

campersau Oct 9, 2023

You can see that when you follow the links:

GHSA-j646-gj5p-p45g
Patched versions: 116.0.230

GHSA-4c29-gfrp-g6x9
Patched versions: 117.2.20

daveMueller Oct 9, 2023
Author

Thanks a lot @campersau 🙏

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is CefSharp affected by the security vulnerabilites CVE-2023-4863, CVE-2023-5217 #4601

{{title}}

Replies: 2 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Is CefSharp affected by the security vulnerabilites CVE-2023-4863, CVE-2023-5217 #4601

daveMueller Oct 9, 2023

Replies: 2 comments · 2 replies

campersau Oct 9, 2023

daveMueller Oct 9, 2023 Author

campersau Oct 9, 2023

daveMueller Oct 9, 2023 Author

daveMueller
Oct 9, 2023

Replies: 2 comments 2 replies

campersau
Oct 9, 2023

daveMueller
Oct 9, 2023
Author

daveMueller Oct 9, 2023
Author