VDB
DEBIAN-CVE-2023-4863
DEBIAN-CVE-2023-4863
PUBLISHED
CVSS 8.800000190734863 HIGH
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | chromium | 100.0.4896.127-1~deb11u1, 100.0.4896.60-1~deb11u1, 100.0.4896.60-1 |
| Debian:14 | firefox-esr | 0, 0, 0 |
| Debian:11 | firefox-esr | 91.3.0esr-1, 102.1.0esr-1, 102.1.0esr-2 |
| Debian:14 | chromium | 0, 0, 0 |
| Debian:12 | thunderbird | *, *, * |
| Debian:14 | thunderbird | 0, 0, 0 |
| Debian:11 | libwebp | 0, 0.6.1-2.1, 0.6.1-2.1+deb11u1 |
| Debian:13 | thunderbird | 0, 0, 0 |
| Debian:14 | libwebp | 0, 0, 0 |
| Debian:12 | chromium | 114.0.5735.90-1, 114.0.5735.90-2, 114.0.5735.90-2 |
| Debian:13 | libwebp | 0, 0, 0 |
| Debian:13 | firefox-esr | 0, 0, 0 |
| Debian:13 | chromium | 0, 0, 0 |
| Debian:11 | thunderbird | 91.0, 91.0, 91.0 |
| Debian:12 | firefox-esr | 102.15.0esr-1~deb10u1, *, 0 |
| Debian:12 | libwebp | 1.2.4-0.2, 0, 0 |
Exploit Intelligence
- Shcesama/cve-2023-4863-analysis (github-poc-repo)
- Shcesama/cve-2023-4863-analysis (github-poc)
- pixelotes/lab-cve-2023-4863 (github-poc-repo)
- pixelotes/lab-cve-2023-4863 (github-poc)
- LiveOverflow/webp-CVE-2023-4863 (github-poc-repo)
- huiwen-yayaya/CVE-2023-4863 (github-poc-repo)
- bbaranoff/CVE-2023-4863 (github-poc-repo)
- jpselva/CVE-2023-4863 (github-poc-repo)
- AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface. (github-poc-repo)
- AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface. (github-poc)
…and 14 more exploits
Timeline
- Sep 12, 2023 CVE Published
- Apr 28, 2026 CVE Updated