Bug 2238431 (CVE-2023-4863) - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Summary: CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Keywords:
Status: NEW
Alias: CVE-2023-4863
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2023-5129 (view as bug list)
Depends On: 2238432 2238433 2238543 2238950 2238951
Blocks: 2238958 2240760
TreeView+ depends on / blocked
 
Reported: 2023-09-11 20:34 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-07-18 05:36 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5270 0 None None None 2023-09-19 16:27:32 UTC
Red Hat Product Errata RHBA-2023:5311 0 None None None 2023-09-20 10:01:32 UTC
Red Hat Product Errata RHBA-2023:5319 0 None None None 2023-09-21 05:35:58 UTC
Red Hat Product Errata RHBA-2023:5324 0 None None None 2023-09-21 07:36:30 UTC
Red Hat Product Errata RHBA-2023:5325 0 None None None 2023-09-21 09:16:58 UTC
Red Hat Product Errata RHBA-2023:5326 0 None None None 2023-09-21 09:37:13 UTC
Red Hat Product Errata RHBA-2023:5330 0 None None None 2023-09-21 13:06:07 UTC
Red Hat Product Errata RHBA-2023:5340 0 None None None 2023-09-25 07:55:22 UTC
Red Hat Product Errata RHBA-2023:5344 0 None None None 2023-09-25 14:26:58 UTC
Red Hat Product Errata RHBA-2023:5370 0 None None None 2023-09-27 09:05:10 UTC
Red Hat Product Errata RHBA-2023:5372 0 None None None 2023-09-27 10:40:42 UTC
Red Hat Product Errata RHBA-2023:5517 0 None None None 2023-10-09 08:03:12 UTC
Red Hat Product Errata RHSA-2023:5183 0 None None None 2023-09-18 13:31:57 UTC
Red Hat Product Errata RHSA-2023:5184 0 None None None 2023-09-18 13:31:18 UTC
Red Hat Product Errata RHSA-2023:5185 0 None None None 2023-09-18 13:30:23 UTC
Red Hat Product Errata RHSA-2023:5186 0 None None None 2023-09-18 13:45:30 UTC
Red Hat Product Errata RHSA-2023:5187 0 None None None 2023-09-18 13:45:25 UTC
Red Hat Product Errata RHSA-2023:5188 0 None None None 2023-09-18 13:43:03 UTC
Red Hat Product Errata RHSA-2023:5189 0 None None None 2023-09-18 13:49:26 UTC
Red Hat Product Errata RHSA-2023:5190 0 None None None 2023-09-18 13:45:38 UTC
Red Hat Product Errata RHSA-2023:5191 0 None None None 2023-09-18 13:50:27 UTC
Red Hat Product Errata RHSA-2023:5192 0 None None None 2023-09-18 13:49:03 UTC
Red Hat Product Errata RHSA-2023:5197 0 None None None 2023-09-18 13:50:19 UTC
Red Hat Product Errata RHSA-2023:5198 0 None None None 2023-09-18 13:49:32 UTC
Red Hat Product Errata RHSA-2023:5200 0 None None None 2023-09-18 14:25:50 UTC
Red Hat Product Errata RHSA-2023:5201 0 None None None 2023-09-18 14:25:33 UTC
Red Hat Product Errata RHSA-2023:5202 0 None None None 2023-09-18 14:24:56 UTC
Red Hat Product Errata RHSA-2023:5204 0 None None None 2023-09-18 15:15:58 UTC
Red Hat Product Errata RHSA-2023:5205 0 None None None 2023-09-18 15:16:09 UTC
Red Hat Product Errata RHSA-2023:5214 0 None None None 2023-09-19 08:01:27 UTC
Red Hat Product Errata RHSA-2023:5222 0 None None None 2023-09-19 07:58:05 UTC
Red Hat Product Errata RHSA-2023:5223 0 None None None 2023-09-19 08:01:13 UTC
Red Hat Product Errata RHSA-2023:5224 0 None None None 2023-09-19 08:01:35 UTC
Red Hat Product Errata RHSA-2023:5236 0 None None None 2023-09-19 12:41:02 UTC
Red Hat Product Errata RHSA-2023:5309 0 None None None 2023-09-20 07:00:45 UTC

Internal Links: 2238543

Description Guilherme de Almeida Suckevicz 2023-09-11 20:34:34 UTC
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References:
https://crbug.com/1479274
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

Comment 1 Guilherme de Almeida Suckevicz 2023-09-11 20:35:23 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2238433]
Affects: fedora-all [bug 2238432]

Comment 2 Michael Catanzaro 2023-09-12 22:39:20 UTC
Of course this affects libwebp as well

Comment 3 Andreas Stieger 2023-09-13 14:35:07 UTC
and the Mozillas... https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Comment 4 Michael Catanzaro 2023-09-13 22:31:13 UTC
We wound up using bug #2238543 to track this libwebp issue in Fedora, since the only tracking bug that was created thus far, bug #2238432, was specifically for Chromium.

Comment 5 Michael Catanzaro 2023-09-13 22:32:58 UTC
(In reply to Andreas Stieger from comment #3)
> and the Mozillas...
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Unfortunately it does look like Firefox has bundled this library like Chromium does, so it will need to be tracked separately as well.

libwebp has a stable API/ABI, so I wonder why not use the system library. Whatever.

Comment 7 Sandipan Roy 2023-09-14 14:15:18 UTC
Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 2238950]


Created libwebp tracking bugs for this issue:

Affects: fedora-all [bug 2238951]

Comment 15 errata-xmlrpc 2023-09-18 13:30:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5185 https://access.redhat.com/errata/RHSA-2023:5185

Comment 16 errata-xmlrpc 2023-09-18 13:31:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5184 https://access.redhat.com/errata/RHSA-2023:5184

Comment 17 errata-xmlrpc 2023-09-18 13:31:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5183 https://access.redhat.com/errata/RHSA-2023:5183

Comment 18 errata-xmlrpc 2023-09-18 13:43:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5188 https://access.redhat.com/errata/RHSA-2023:5188

Comment 19 errata-xmlrpc 2023-09-18 13:45:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5187 https://access.redhat.com/errata/RHSA-2023:5187

Comment 20 errata-xmlrpc 2023-09-18 13:45:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5186 https://access.redhat.com/errata/RHSA-2023:5186

Comment 21 errata-xmlrpc 2023-09-18 13:45:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5190 https://access.redhat.com/errata/RHSA-2023:5190

Comment 22 errata-xmlrpc 2023-09-18 13:49:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5192 https://access.redhat.com/errata/RHSA-2023:5192

Comment 23 errata-xmlrpc 2023-09-18 13:49:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5189 https://access.redhat.com/errata/RHSA-2023:5189

Comment 24 errata-xmlrpc 2023-09-18 13:49:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5198 https://access.redhat.com/errata/RHSA-2023:5198

Comment 25 errata-xmlrpc 2023-09-18 13:50:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5197 https://access.redhat.com/errata/RHSA-2023:5197

Comment 26 errata-xmlrpc 2023-09-18 13:50:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5191 https://access.redhat.com/errata/RHSA-2023:5191

Comment 27 errata-xmlrpc 2023-09-18 14:24:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5202 https://access.redhat.com/errata/RHSA-2023:5202

Comment 28 errata-xmlrpc 2023-09-18 14:25:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5201 https://access.redhat.com/errata/RHSA-2023:5201

Comment 29 errata-xmlrpc 2023-09-18 14:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5200 https://access.redhat.com/errata/RHSA-2023:5200

Comment 30 errata-xmlrpc 2023-09-18 15:15:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5204 https://access.redhat.com/errata/RHSA-2023:5204

Comment 31 errata-xmlrpc 2023-09-18 15:16:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5205 https://access.redhat.com/errata/RHSA-2023:5205

Comment 32 errata-xmlrpc 2023-09-19 07:58:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2023:5222 https://access.redhat.com/errata/RHSA-2023:5222

Comment 33 errata-xmlrpc 2023-09-19 08:01:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5223 https://access.redhat.com/errata/RHSA-2023:5223

Comment 34 errata-xmlrpc 2023-09-19 08:01:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5214 https://access.redhat.com/errata/RHSA-2023:5214

Comment 35 errata-xmlrpc 2023-09-19 08:01:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5224 https://access.redhat.com/errata/RHSA-2023:5224

Comment 37 errata-xmlrpc 2023-09-19 12:41:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5236 https://access.redhat.com/errata/RHSA-2023:5236

Comment 40 errata-xmlrpc 2023-09-20 07:00:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5309 https://access.redhat.com/errata/RHSA-2023:5309

Comment 44 Sandipan Roy 2023-09-28 09:14:38 UTC
*** Bug 2240759 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.