CVE-2024-35280
PUBLISHED
CVSS 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS 1.03% · 77.7th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
1.03%
77.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libvpx | 1.13.1 | |
| Chrome | 117.0.5938.132 | |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5217 (circl)
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html (circl)
- https://crbug.com/1486441 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/28/5 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/28/6 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/29/1 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/29/2 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/29/7 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/29/9 (circl)
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ (circl)
…and 62 more exploits
Timeline
- Sep 28, 2023 PoC Published
- Sep 29, 2023 PoC Published
- Oct 2, 2023 PoC Published
- Oct 2, 2023 PoC Published
- Oct 3, 2023 PoC Published
- Oct 5, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Jan 15, 2025 CVE Published
- Jan 16, 2025 EPSS Score
- Jan 31, 2025 EPSS Score
- Feb 3, 2025 Coalition ESS Score
- Feb 16, 2025 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-23-258 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-458 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-061 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-405 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-285 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-165 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-494 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-220 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-221 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-078 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-282 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-373 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-106 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-250 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-189 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-401 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-239 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-097 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-260 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-170 advisory
…and 83 more