DEBIAN-CVE-2023-5217
PUBLISHED
CVSS 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | chromium | 0, 0, 0 |
| Debian:11 | chromium | 98.0.4758.102-1, 106.0.5249.103-2, 105.0.5195.52-1~deb11u1 |
| Debian:12 | libvpx | 1.12.0-1, 0, 1.12.0-1 |
| Debian:11 | libvpx | 0, 1.9.0-1, 1.9.0-1 |
| Debian:14 | firefox-esr | 140.7.0esr-1, 140.6.0esr-1~deb12u1, 140.5.0esr-1~deb13u1 |
| Debian:14 | chromium | 0, 0, 0 |
| Debian:13 | firefox-esr | 140.7.0esr-1, 140.7.0esr-1~deb11u1, 140.7.0esr-1~deb12u1 |
| Debian:12 | firefox-esr | *, 0, 102.11.0esr-1 |
| Debian:13 | libvpx | 0, 0, 0 |
| Debian:14 | libvpx | 0, 0, 0 |
| Debian:11 | thunderbird | 1:91.9.0-1~deb9u1, 1:91.9.0-1~deb11u1, 1:91.9.0-1~deb10u1 |
| Debian:11 | firefox-esr | 91.9.1, 91.9.0esr-1~deb10u1, 91.9.0esr-1~deb11u1 |
| Debian:14 | thunderbird | 0, 0, 0 |
| Debian:13 | thunderbird | 0, 0, 0 |
| Debian:12 | chromium | 114.0.5735.198-1~deb11u1, 114.0.5735.106-1~deb12u1, 114.0.5735.133-1 |
| Debian:12 | thunderbird | 1:102.15.0-1~deb10u1, 1:102.14.0-1~deb12u1, 1:102.14.0-1~deb11u1 |
Exploit Intelligence
- Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217 (github-poc)
- Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217 (github-poc)
- A PoC to trigger CVE-2023-5217 from the Browser WebCodecs or MediaRecorder interface. (github-poc)
- kev.json (github-poc)
- ios_v2_generated.go (github-poc)
- ios_v1_generated.go (github-poc)
- data.js (github-poc)
- test_ghsa_completeness.py (github-poc)
Timeline
- Sep 28, 2023 CVE Published
- Apr 28, 2026 CVE Updated