VDB
ASB-A-299477569
ASB-A-299477569
PUBLISHED
CVSS 8.600000381469727 HIGH
In BuildHuffmanTable of huffman_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | external/webp | 14-next:0, 14-next, 11:0 |
Exploit Intelligence
- Shcesama/cve-2023-4863-analysis (github-poc-repo)
- Shcesama/cve-2023-4863-analysis (github-poc)
- pixelotes/lab-cve-2023-4863 (github-poc-repo)
- pixelotes/lab-cve-2023-4863 (github-poc)
- LiveOverflow/webp-CVE-2023-4863 (github-poc-repo)
- huiwen-yayaya/CVE-2023-4863 (github-poc-repo)
- bbaranoff/CVE-2023-4863 (github-poc-repo)
- jpselva/CVE-2023-4863 (github-poc-repo)
- AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface. (github-poc-repo)
- AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface. (github-poc)
…and 14 more exploits
Timeline
- Oct 1, 2023 CVE Published
- May 15, 2026 CVE Updated