Skip to content

Heap buffer overflow in WebP

Critical
amaitland published GHSA-j646-gj5p-p45g Sep 16, 2023

Package

nuget CefSharp.Common (NuGet)

Affected versions

< 116.0.230

Patched versions

116.0.230
nuget CefSharp.Common.NETCore (NuGet)
< 116.0.230
116.0.230

Description

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References


Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

Severity

Critical

CVE ID

CVE-2023-4863

Weaknesses

No CWEs