by vicarius
log in join community
by @Smartkeyss
14 Feb 2024
#cve_analysis

Write a blog analysis for a CVE

publish

Zero Day WebP vulnerability (CVE-2023-4863)

by @Smartkeyss
by @Smartkeyss
14 Feb 2024
#cve_analysis

Write a blog analysis for a CVE

publish

Zero Day WebP vulnerability (CVE-2023-4863)

CVEs

CVE-2023-4863
8.8 High Severity

OS

Debian Linux
Debian LinuxDebian
22.04.*
2.5.3-3.*
2.5.3-16.*
2.5.2-1.*
*.*
2.1.8.8.p3-1.1.*
10.10.*
3.0.23.*
12.4.*
3.0.18.*
Fedora
FedoraFedoraproject
41.0.1.0.*
40.0.0.0.*
*.*
3334.*
37.*
30.*
40.*
38.*
28.*
31.*

Apps

Firefox ESR
Firefox ESRMozilla
140.10.1.*
115.35.0.*
140.9.1.*
115.33.0.*
115.30.0.*
140.3.1.*
115.28.0.*
115.27.0.*
128.14.0.*
128.13.0.*
Firefox
FirefoxMozilla
151.0.3.*
151.0.1.*
115.36.0.*
151.0.0.0.*
151.0.3.0.*
140.10.2.*
115.35.2.*
150.0.2.0.*
150.0.2.*
151.0.2.0.*
Thunderbird
ThunderbirdMozilla
152.0.3.0.*
152.0.2.0.*
140.11.1.0.*
140.11.1.*
152.0.1.0.*
151.0.1.*
140.11.0.0.*
151.0.0.0.*
151.0.4.0.*
140.10.2.0.*
Chrome
ChromeGoogle
151.0.7880.0.*
151.0.7879.0.*
151.0.7878.1.*
151.0.7878.0.*
151.0.7877.1.*
151.0.7877.0.*
151.0.7876.0.*
151.0.7875.2.*
151.0.7875.0.*
148.0.7778.254.*
Edge
EdgeMicrosoft
150.0.4077.*
150.0.4077.0.*
150.0.4076.*
150.0.4076.0.*
150.0.4075.0.*
150.0.4064.2.*
149.0.4022.52.*
150.0.4074.0.*
150.0.4073.0.*
149.0.4022.50.*
L
LibwebpWebmproject
*.*
0.5.1.*
1.2.2.RC1
1.2.2.-
1.2.2.RC2
1.2.3.-
1.2.3.RC1
1.2.1.RC2
1.2.1.-
1.2.0.-

Screenshots from the blog posts

images/clsev7h0q8f5t1hon57nu44i3.pngimages/clsev7h0q8f5t1hon57nu44i3.png
images/clsdn1n7o5jos1hon00qpd5mv.jpgimages/clsdn1n7o5jos1hon00qpd5mv.jpg
images/clsev8cob8f9a1hon6t6bbjjt.jpgimages/clsev8cob8f9a1hon6t6bbjjt.jpg

Summary

CVE-2023-4863 (CVSS score: 8.8), also known as the heap buffer overflow in Chrome libWebP, is a client-side vulnerability. This means that the end user of the affected application is at risk. The vulnerability arises from an exploitation involving the writing of more data to a dynamically allocated memory space (heap buffer) than it can hold, using crafted HTML. This vulnerability could lead to a crash or enable the exploiter to execute arbitrary code on the end user's system. 

Description

Tags

#trending
users/photos/clsevlral8gef1hon15grbvup.jpg

@Smartkeyss

63 posts

I am just curious 😊 I use simple words to explain complicated things. discord: @rxs_s

Total vcoins

0

Social media links

Comments (0)