Bug 2238431 (CVE-2023-4863) - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Summary: CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Keywords:
Status: NEW
Alias: CVE-2023-4863
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2023-5129 (view as bug list)
Depends On: 2238432 2238433 2238543 2238950 2238951
Blocks: 2238958 2240760
TreeView+ depends on / blocked
 
Reported: 2023-09-11 20:34 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-02 08:27 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5270 0 None None None 2023-09-19 16:27:32 UTC
Red Hat Product Errata RHBA-2023:5311 0 None None None 2023-09-20 10:01:32 UTC
Red Hat Product Errata RHBA-2023:5319 0 None None None 2023-09-21 05:35:58 UTC
Red Hat Product Errata RHBA-2023:5324 0 None None None 2023-09-21 07:36:30 UTC
Red Hat Product Errata RHBA-2023:5325 0 None None None 2023-09-21 09:16:58 UTC
Red Hat Product Errata RHBA-2023:5326 0 None None None 2023-09-21 09:37:13 UTC
Red Hat Product Errata RHBA-2023:5330 0 None None None 2023-09-21 13:06:07 UTC
Red Hat Product Errata RHBA-2023:5340 0 None None None 2023-09-25 07:55:22 UTC
Red Hat Product Errata RHBA-2023:5344 0 None None None 2023-09-25 14:26:58 UTC
Red Hat Product Errata RHBA-2023:5370 0 None None None 2023-09-27 09:05:10 UTC
Red Hat Product Errata RHBA-2023:5372 0 None None None 2023-09-27 10:40:42 UTC
Red Hat Product Errata RHBA-2023:5517 0 None None None 2023-10-09 08:03:12 UTC
Red Hat Product Errata RHSA-2023:5183 0 None None None 2023-09-18 13:31:57 UTC
Red Hat Product Errata RHSA-2023:5184 0 None None None 2023-09-18 13:31:18 UTC
Red Hat Product Errata RHSA-2023:5185 0 None None None 2023-09-18 13:30:23 UTC
Red Hat Product Errata RHSA-2023:5186 0 None None None 2023-09-18 13:45:30 UTC
Red Hat Product Errata RHSA-2023:5187 0 None None None 2023-09-18 13:45:25 UTC
Red Hat Product Errata RHSA-2023:5188 0 None None None 2023-09-18 13:43:03 UTC
Red Hat Product Errata RHSA-2023:5189 0 None None None 2023-09-18 13:49:26 UTC
Red Hat Product Errata RHSA-2023:5190 0 None None None 2023-09-18 13:45:38 UTC
Red Hat Product Errata RHSA-2023:5191 0 None None None 2023-09-18 13:50:27 UTC
Red Hat Product Errata RHSA-2023:5192 0 None None None 2023-09-18 13:49:03 UTC
Red Hat Product Errata RHSA-2023:5197 0 None None None 2023-09-18 13:50:19 UTC
Red Hat Product Errata RHSA-2023:5198 0 None None None 2023-09-18 13:49:32 UTC
Red Hat Product Errata RHSA-2023:5200 0 None None None 2023-09-18 14:25:50 UTC
Red Hat Product Errata RHSA-2023:5201 0 None None None 2023-09-18 14:25:33 UTC
Red Hat Product Errata RHSA-2023:5202 0 None None None 2023-09-18 14:24:56 UTC
Red Hat Product Errata RHSA-2023:5204 0 None None None 2023-09-18 15:15:58 UTC
Red Hat Product Errata RHSA-2023:5205 0 None None None 2023-09-18 15:16:09 UTC
Red Hat Product Errata RHSA-2023:5214 0 None None None 2023-09-19 08:01:27 UTC
Red Hat Product Errata RHSA-2023:5222 0 None None None 2023-09-19 07:58:05 UTC
Red Hat Product Errata RHSA-2023:5223 0 None None None 2023-09-19 08:01:13 UTC
Red Hat Product Errata RHSA-2023:5224 0 None None None 2023-09-19 08:01:35 UTC
Red Hat Product Errata RHSA-2023:5236 0 None None None 2023-09-19 12:41:02 UTC
Red Hat Product Errata RHSA-2023:5309 0 None None None 2023-09-20 07:00:45 UTC

Internal Links: 2238543

Description Guilherme de Almeida Suckevicz 2023-09-11 20:34:34 UTC 
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References:
https://crbug.com/1479274
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Comment 1 Guilherme de Almeida Suckevicz 2023-09-11 20:35:23 UTC 
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2238433]
Affects: fedora-all [bug 2238432]
Comment 2 Michael Catanzaro 2023-09-12 22:39:20 UTC 
Of course this affects libwebp as well
Comment 3 Andreas Stieger 2023-09-13 14:35:07 UTC 
and the Mozillas... https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Comment 4 Michael Catanzaro 2023-09-13 22:31:13 UTC 
We wound up using bug #2238543 to track this libwebp issue in Fedora, since the only tracking bug that was created thus far, bug #2238432, was specifically for Chromium.
Comment 5 Michael Catanzaro 2023-09-13 22:32:58 UTC 
(In reply to Andreas Stieger from comment #3)
> and the Mozillas...
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Unfortunately it does look like Firefox has bundled this library like Chromium does, so it will need to be tracked separately as well.

libwebp has a stable API/ABI, so I wonder why not use the system library. Whatever.
Comment 7 Sandipan Roy 2023-09-14 14:15:18 UTC 
Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 2238950]


Created libwebp tracking bugs for this issue:

Affects: fedora-all [bug 2238951]
Comment 12 Sandipan Roy 2023-09-14 15:50:55 UTC 
Patch:
https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
https://chromium.googlesource.com/webm/libwebp/+/902bc91
Comment 13 Sandipan Roy 2023-09-14 17:16:47 UTC 
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
Comment 15 errata-xmlrpc 2023-09-18 13:30:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5185 https://access.redhat.com/errata/RHSA-2023:5185
Comment 16 errata-xmlrpc 2023-09-18 13:31:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5184 https://access.redhat.com/errata/RHSA-2023:5184
Comment 17 errata-xmlrpc 2023-09-18 13:31:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5183 https://access.redhat.com/errata/RHSA-2023:5183
Comment 18 errata-xmlrpc 2023-09-18 13:43:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5188 https://access.redhat.com/errata/RHSA-2023:5188
Comment 19 errata-xmlrpc 2023-09-18 13:45:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5187 https://access.redhat.com/errata/RHSA-2023:5187
Comment 20 errata-xmlrpc 2023-09-18 13:45:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5186 https://access.redhat.com/errata/RHSA-2023:5186
Comment 21 errata-xmlrpc 2023-09-18 13:45:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5190 https://access.redhat.com/errata/RHSA-2023:5190
Comment 22 errata-xmlrpc 2023-09-18 13:49:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5192 https://access.redhat.com/errata/RHSA-2023:5192
Comment 23 errata-xmlrpc 2023-09-18 13:49:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5189 https://access.redhat.com/errata/RHSA-2023:5189
Comment 24 errata-xmlrpc 2023-09-18 13:49:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5198 https://access.redhat.com/errata/RHSA-2023:5198
Comment 25 errata-xmlrpc 2023-09-18 13:50:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5197 https://access.redhat.com/errata/RHSA-2023:5197
Comment 26 errata-xmlrpc 2023-09-18 13:50:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5191 https://access.redhat.com/errata/RHSA-2023:5191
Comment 27 errata-xmlrpc 2023-09-18 14:24:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5202 https://access.redhat.com/errata/RHSA-2023:5202
Comment 28 errata-xmlrpc 2023-09-18 14:25:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5201 https://access.redhat.com/errata/RHSA-2023:5201
Comment 29 errata-xmlrpc 2023-09-18 14:25:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5200 https://access.redhat.com/errata/RHSA-2023:5200
Comment 30 errata-xmlrpc 2023-09-18 15:15:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5204 https://access.redhat.com/errata/RHSA-2023:5204
Comment 31 errata-xmlrpc 2023-09-18 15:16:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5205 https://access.redhat.com/errata/RHSA-2023:5205
Comment 32 errata-xmlrpc 2023-09-19 07:58:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2023:5222 https://access.redhat.com/errata/RHSA-2023:5222
Comment 33 errata-xmlrpc 2023-09-19 08:01:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5223 https://access.redhat.com/errata/RHSA-2023:5223
Comment 34 errata-xmlrpc 2023-09-19 08:01:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5214 https://access.redhat.com/errata/RHSA-2023:5214
Comment 35 errata-xmlrpc 2023-09-19 08:01:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5224 https://access.redhat.com/errata/RHSA-2023:5224
Comment 37 errata-xmlrpc 2023-09-19 12:41:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5236 https://access.redhat.com/errata/RHSA-2023:5236
Comment 40 errata-xmlrpc 2023-09-20 07:00:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5309 https://access.redhat.com/errata/RHSA-2023:5309
Comment 44 Sandipan Roy 2023-09-28 09:14:38 UTC 
*** Bug 2240759 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.