CVE-2023-4863
Published: 12 September 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Notes
Author | Note |
---|---|
alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
rodrigo-zaiden | in libwebp source, it seems like the affected versions start from 0.5.0, with a high probability that the commit f75dfbf2 is the one adding the issue. I can be wrong in my assumption but, at least, the reproducer available in the the-webp-0day blog post reproduces in 0.5.0 but not in 0.4.4, and the buffer huffman_tables was added in the mentioned commit. In Ubuntu, libwebp versions earlier than 0.5.0 do not contain the affected code, hence are probably not affected. |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | bionic | Ignored (end of standard support) |
chromium-browser | focal | Not vulnerable (code not present) |
chromium-browser | jammy | Not vulnerable (code not present) |
chromium-browser | lunar | Not vulnerable (code not present) |
chromium-browser | mantic | Not vulnerable (code not present) |
chromium-browser | noble | Not vulnerable (code not present) |
chromium-browser | trusty | Ignored (end of standard support) |
chromium-browser | upstream | Released |
chromium-browser | xenial | Ignored (end of standard support) |
firefox | bionic | Ignored (end of standard support) |
firefox | focal | Released (117.0.1+build2-0ubuntu0.20.04.1) |
firefox | jammy | Not vulnerable (code not present) |
firefox | lunar | Not vulnerable (code not present) |
firefox | mantic | Not vulnerable (code not present) |
firefox | noble | Not vulnerable (code not present) |
firefox | trusty | Ignored (end of standard support) |
firefox | upstream | Released (117.0.1) |
firefox | xenial | Ignored (end of standard support) |
libwebp | bionic | Released (0.6.1-2ubuntu0.18.04.2+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
libwebp | focal | Released (0.6.1-2ubuntu0.20.04.3) |
libwebp | jammy | Released (1.2.2-2ubuntu0.22.04.2) |
libwebp | lunar | Released (1.2.4-0.1ubuntu0.23.04.2) |
libwebp | mantic | Released (1.2.4-0.2ubuntu1) |
libwebp | noble | Released (1.2.4-0.2ubuntu1) |
libwebp | trusty | Not vulnerable (code not present) |
libwebp | upstream | Needs triage |
libwebp | xenial | Not vulnerable (code not present) |
thunderbird | bionic | Ignored (end of standard support) |
thunderbird | focal | Released (1:102.15.1+build1-0ubuntu0.20.04.1) |
thunderbird | jammy | Released (1:102.15.1+build1-0ubuntu0.22.04.1) |
thunderbird | lunar | Released (1:102.15.1+build1-0ubuntu0.23.04.1) |
thunderbird | mantic | Released (1:115.2.3+build1-0ubuntu1) |
thunderbird | noble | Released (1:115.2.3+build1-0ubuntu1) |
thunderbird | trusty | Ignored (end of standard support) |
thunderbird | upstream | Released (115.2.2) |
thunderbird | xenial | Ignored (end of standard support) |

Patches (libwebp):
- upstream: https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
- upstream: https://github.com/webmproject/libwebp/commit/8bacd63a6de1cc091f85a1692390401e7bbf55ac
- upstream: https://github.com/webmproject/libwebp/commit/801d2be12dba966233c21f850490203eb1acf014
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
- https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
- https://ubuntu.com/security/notices/USN-6367-1
- https://ubuntu.com/security/notices/USN-6368-1
- https://ubuntu.com/security/notices/USN-6369-1
- https://blog.isosceles.com/the-webp-0day/
- https://ubuntu.com/security/notices/USN-6369-2
- https://www.cve.org/CVERecord?id=CVE-2023-4863
- NVD
- Launchpad
- Debian