CVE-2023-4863

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4863.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4863
Aliases
Downstream
Related
Published
2023-09-12T15:15:24Z
Modified
2025-09-30T03:07:41.004600Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

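Heap buffer overflow in libwebp — affecting Google Chrome prior to 116.0.5845.187 and libwebp prior to 1.3.2 — allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. (Chromium security severity: Critical) The crafted HTML page is the delivery vector described for Chrome; the affected package listed below is the libwebp repository itself, so other software that bundles one of the affected libwebp versions should be checked as well.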

References

Affected packages

Git / github.com/webmproject/libwebp

Affected ranges

Type
GIT
Repo
https://github.com/webmproject/libwebp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.2
v0.1.3
v0.1.99
v0.2.0
v0.2.0-rc1
v0.2.1
v0.3.0
v0.3.0-rc6
v0.3.0-rc7
v0.3.1
v0.3.1-rc1
v0.3.1-rc2
v0.4.0
v0.4.0-rc1
v0.4.1
v0.4.1-rc1
v0.5.0
v0.5.0-rc1
v0.5.1
v0.5.1-rc5
v0.5.2
v0.5.2-rc2
v0.6.0
v0.6.0-rc2
v0.6.0-rc3
v0.6.1
v0.6.1-rc2

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.1-rc2
v1.0.2
v1.0.2-rc1
v1.0.3
v1.0.3-rc1
v1.1.0
v1.1.0-rc2
v1.2.0
v1.2.0-rc3
v1.2.1
v1.2.1-rc2
v1.2.2
v1.2.2-rc1
v1.2.2-rc2
v1.2.3
v1.2.3-rc1
v1.2.4
v1.3.0
v1.3.0-rc1
v1.3.1
v1.3.1-rc1
v1.3.1-rc2

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "20134740730605791402509200455302630941",
                    "136648906070994206943738037015888819806",
                    "232356828012318700083917498119399758794",
                    "37020882375958065571817200082347569363"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
            "signature_type": "Line",
            "id": "CVE-2023-4863-3703e29f",
            "target": {
                "file": "src/dec/vp8li_dec.h"
            },
            "signature_version": "v1"
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "210680425751445647392974712312166516434",
                    "31176131428327197556084923347153299803",
                    "91413042216609002235528185241791249822",
                    "273450130334326004710231764491864605384",
                    "97403937494087092732307438335378299067",
                    "183915759203804892541396210553818051906",
                    "218815111059650688860257620488376646006"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
            "signature_type": "Line",
            "id": "CVE-2023-4863-903fc9e4",
            "target": {
                "file": "src/utils/huffman_utils.h"
            },
            "signature_version": "v1"
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "271948026291282679915020711765944277644",
                    "262252171417285278396190219750969423297",
                    "148769860740082019780466540147402480452",
                    "210145805502744439188840045708050512589",
                    "35045463450424597200053605992676636204",
                    "64766116049401205963382856096159133016",
                    "199857997552244871809490827006375407869",
                    "19508379791752261999511906430439999976",
                    "228171279559466439552632197667773266539",
                    "151576406092307753477191614656856352818",
                    "253045320118918568491627921939403555705",
                    "130445939594778113211731509372766920561",
                    "120076622227917682491764850393839101917",
                    "284362866993109694925581498077114712657",
                    "137003821122577824635294804739146166789",
                    "112588836660070022639592100708547253158",
                    "80951286132688567743133278832665098378",
                    "269574673249262310077259878437192371215",
                    "252443284945298872410908993903016361511",
                    "159257432654087281696134800911303867693",
                    "291750083337732318662709987572573616830",
                    "169088151181716300303842140093765755918",
                    "73550526054077245811164979480865709647",
                    "137425105189849639014823927868322683325",
                    "291243115522035543821384978063358782303",
                    "178642488364606593579676655197420657813",
                    "298358522057652572101438670807195076303",
                    "296404297189211934789742530714505713594",
                    "247530072585474083441594850150604125475",
                    "279560637154054723920761559897853486777",
                    "202655542227860580080550069313697685541",
                    "300383687110456121784217000941022389469",
                    "192297749408518192473170605731069214262",
                    "283940877786059570739337614271542237873",
                    "276748998161991204499405585688807490389",
                    "225298851476652200041146005344964915850",
                    "25926333490899675358408004217915439110",
                    "121271864338623016227831636388829667369",
                    "3261922525234354196880407410666053244",
                    "93490408030208102553449128636581277522",
                    "56169827678954796002461554515733955394",
                    "146434498251422795792724255787630145257",
                    "180061472657521040892563784991030675291",
                    "28456919384561916568486403753570021157",
                    "141591542593831588193439876159158717749",
                    "143026966034998223926469464146658131125",
                    "214863518128816089569328548838396476266",
                    "181159102842818032171371684569701144472",
                    "100549082727312540877472668665834378775",
                    "43581069938430831587912090271434024516",
                    "73651109845734901883398747017515852367",
                    "115445385881407562798806355037454872759",
                    "110463014747451642918800005342832693488",
                    "254069557418689661914117668276367867146",
                    "328830259662328988457898205652053121965",
                    "238858969565005325952513859319399381516",
                    "111234782651036060340979675411769789231",
                    "172081266457316932040744692285306655916",
                    "248566039298899952992969157639115673789",
                    "119985745181292829676238729059280428135",
                    "167694533597920009083942283657848514212",
                    "264725772127853413985386923114761986085",
                    "319322622918909763052091702521534025749",
                    "298957801119027805276587464952973149993",
                    "62837709564002461020449103231436455248",
                    "313049931741831224027067891725458321568",
                    "234345581826703249538457366286627621387",
                    "200300177457112355832449360393082008763",
                    "48551747108970203382132381719056013424",
                    "274300588330689046282791831363004929420",
                    "309105406738991267509915155779836680981",
                    "310052527010005599966394898527644151396"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
            "signature_type": "Line",
            "id": "CVE-2023-4863-ccb3931c",
            "target": {
                "file": "src/dec/vp8l_dec.c"
            },
            "signature_version": "v1"
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "204781606502151800260619611752625644818",
                    "185106167987738524761390329650955829619",
                    "305816608561040735805928812483133554564",
                    "59392845666000361311742466361202540751",
                    "163544756746094738569689619927773583208",
                    "64351449055211388586989071028165712970",
                    "18629077194446828728726317177332368712",
                    "223007749125293494574594639015320091978",
                    "236680345559470387610260309003459465438",
                    "226067468273456595296407121508288106200",
                    "321923281581885145865730435223215193746",
                    "231666192913856095838086834941208983265",
                    "181054860789483302711806005905772321308",
                    "79258257990473166470619511931141812522",
                    "200328652613175569443260201006420835059",
                    "6676361250043582523572721889987948436",
                    "200076656036652498604570028039742429935",
                    "189120569564892762059446620707941915190",
                    "323711977447033501678429042127603698316",
                    "269845760469900685143393871538905460386",
                    "4720203203833394296686175345248656821",
                    "56107595494770414169033152965635542500",
                    "220250410205055553327705516994151907780",
                    "139029986952383583081732583543121227225",
                    "225906645224314157815939602383793184376",
                    "155588090218342557940253942580447666642",
                    "309051081962351778948184717950795815509",
                    "245539949468760808910768168636209190145",
                    "244292944973542475936500071963500771088",
                    "94475619690918640400365047181728977924",
                    "195366773349676590075927548152953695014",
                    "279482347794562642676571009996899462113",
                    "48927683219126065761174863204405289860",
                    "214789503505984548988643500713495921103",
                    "25920949994098500062101683129657787955",
                    "40948343052415876263205953168564566778",
                    "32377182047332644615623785857061877577",
                    "213828181346851087381515831448269560908",
                    "261689318391222986394302351952710236908"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
            "signature_type": "Line",
            "id": "CVE-2023-4863-ecfb528b",
            "target": {
                "file": "src/utils/huffman_utils.c"
            },
            "signature_version": "v1"
        }
    ]
}