Bug 2238431 (CVE-2023-4863) - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Summary: CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Keywords:
Status: NEW
Alias: CVE-2023-4863
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Duplicates: CVE-2023-5129
Depends On: 2238432 2238433 2238543 2238950 2238951
Blocks: 2238958 2240760
 
Reported: 2023-09-11 20:34 UTC by Guilherme de Almeida Suckevicz
Modified: 2025-03-20 11:15 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5270 0 None None None 2023-09-19 16:27:32 UTC
Red Hat Product Errata RHBA-2023:5311 0 None None None 2023-09-20 10:01:32 UTC
Red Hat Product Errata RHBA-2023:5319 0 None None None 2023-09-21 05:35:58 UTC
Red Hat Product Errata RHBA-2023:5324 0 None None None 2023-09-21 07:36:30 UTC
Red Hat Product Errata RHBA-2023:5325 0 None None None 2023-09-21 09:16:58 UTC
Red Hat Product Errata RHBA-2023:5326 0 None None None 2023-09-21 09:37:13 UTC
Red Hat Product Errata RHBA-2023:5330 0 None None None 2023-09-21 13:06:07 UTC
Red Hat Product Errata RHBA-2023:5340 0 None None None 2023-09-25 07:55:22 UTC
Red Hat Product Errata RHBA-2023:5344 0 None None None 2023-09-25 14:26:58 UTC
Red Hat Product Errata RHBA-2023:5370 0 None None None 2023-09-27 09:05:10 UTC
Red Hat Product Errata RHBA-2023:5372 0 None None None 2023-09-27 10:40:42 UTC
Red Hat Product Errata RHBA-2023:5517 0 None None None 2023-10-09 08:03:12 UTC
Red Hat Product Errata RHSA-2023:5183 0 None None None 2023-09-18 13:31:57 UTC
Red Hat Product Errata RHSA-2023:5184 0 None None None 2023-09-18 13:31:18 UTC
Red Hat Product Errata RHSA-2023:5185 0 None None None 2023-09-18 13:30:23 UTC
Red Hat Product Errata RHSA-2023:5186 0 None None None 2023-09-18 13:45:30 UTC
Red Hat Product Errata RHSA-2023:5187 0 None None None 2023-09-18 13:45:25 UTC
Red Hat Product Errata RHSA-2023:5188 0 None None None 2023-09-18 13:43:03 UTC
Red Hat Product Errata RHSA-2023:5189 0 None None None 2023-09-18 13:49:26 UTC
Red Hat Product Errata RHSA-2023:5190 0 None None None 2023-09-18 13:45:38 UTC
Red Hat Product Errata RHSA-2023:5191 0 None None None 2023-09-18 13:50:27 UTC
Red Hat Product Errata RHSA-2023:5192 0 None None None 2023-09-18 13:49:03 UTC
Red Hat Product Errata RHSA-2023:5197 0 None None None 2023-09-18 13:50:19 UTC
Red Hat Product Errata RHSA-2023:5198 0 None None None 2023-09-18 13:49:32 UTC
Red Hat Product Errata RHSA-2023:5200 0 None None None 2023-09-18 14:25:50 UTC
Red Hat Product Errata RHSA-2023:5201 0 None None None 2023-09-18 14:25:33 UTC
Red Hat Product Errata RHSA-2023:5202 0 None None None 2023-09-18 14:24:56 UTC
Red Hat Product Errata RHSA-2023:5204 0 None None None 2023-09-18 15:15:58 UTC
Red Hat Product Errata RHSA-2023:5205 0 None None None 2023-09-18 15:16:09 UTC
Red Hat Product Errata RHSA-2023:5214 0 None None None 2023-09-19 08:01:27 UTC
Red Hat Product Errata RHSA-2023:5222 0 None None None 2023-09-19 07:58:05 UTC
Red Hat Product Errata RHSA-2023:5223 0 None None None 2023-09-19 08:01:13 UTC
Red Hat Product Errata RHSA-2023:5224 0 None None None 2023-09-19 08:01:35 UTC
Red Hat Product Errata RHSA-2023:5236 0 None None None 2023-09-19 12:41:02 UTC
Red Hat Product Errata RHSA-2023:5309 0 None None None 2023-09-20 07:00:45 UTC

Internal Links: 2238543

Description Guilherme de Almeida Suckevicz 2023-09-11 20:34:34 UTC
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References:
https://crbug.com/1479274
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

Comment 1 Guilherme de Almeida Suckevicz 2023-09-11 20:35:23 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2238433]
Affects: fedora-all [bug 2238432]

Comment 2 Michael Catanzaro 2023-09-12 22:39:20 UTC
Of course this affects libwebp as well

Comment 3 Andreas Stieger 2023-09-13 14:35:07 UTC
and the Mozillas... https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Comment 4 Michael Catanzaro 2023-09-13 22:31:13 UTC
We wound up using bug #2238543 to track this libwebp issue in Fedora, since the only tracking bug that was created thus far, bug #2238432, was specifically for Chromium.

Comment 5 Michael Catanzaro 2023-09-13 22:32:58 UTC
(In reply to Andreas Stieger from comment #3)
> and the Mozillas...
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Unfortunately it does look like Firefox has bundled this library like Chromium does, so it will need to be tracked separately as well.

libwebp has a stable API/ABI, so I wonder why not use the system library. Whatever.

Comment 7 Sandipan Roy 2023-09-14 14:15:18 UTC
Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 2238950]
Created libwebp tracking bugs for this issue:

Affects: fedora-all [bug 2238951]

Comment 15 errata-xmlrpc 2023-09-18 13:30:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5185 https://access.redhat.com/errata/RHSA-2023:5185

Comment 16 errata-xmlrpc 2023-09-18 13:31:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5184 https://access.redhat.com/errata/RHSA-2023:5184

Comment 17 errata-xmlrpc 2023-09-18 13:31:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5183 https://access.redhat.com/errata/RHSA-2023:5183

Comment 18 errata-xmlrpc 2023-09-18 13:43:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5188 https://access.redhat.com/errata/RHSA-2023:5188

Comment 19 errata-xmlrpc 2023-09-18 13:45:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5187 https://access.redhat.com/errata/RHSA-2023:5187

Comment 20 errata-xmlrpc 2023-09-18 13:45:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5186 https://access.redhat.com/errata/RHSA-2023:5186

Comment 21 errata-xmlrpc 2023-09-18 13:45:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5190 https://access.redhat.com/errata/RHSA-2023:5190

Comment 22 errata-xmlrpc 2023-09-18 13:49:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5192 https://access.redhat.com/errata/RHSA-2023:5192

Comment 23 errata-xmlrpc 2023-09-18 13:49:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5189 https://access.redhat.com/errata/RHSA-2023:5189

Comment 24 errata-xmlrpc 2023-09-18 13:49:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5198 https://access.redhat.com/errata/RHSA-2023:5198

Comment 25 errata-xmlrpc 2023-09-18 13:50:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5197 https://access.redhat.com/errata/RHSA-2023:5197

Comment 26 errata-xmlrpc 2023-09-18 13:50:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5191 https://access.redhat.com/errata/RHSA-2023:5191

Comment 27 errata-xmlrpc 2023-09-18 14:24:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5202 https://access.redhat.com/errata/RHSA-2023:5202

Comment 28 errata-xmlrpc 2023-09-18 14:25:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5201 https://access.redhat.com/errata/RHSA-2023:5201

Comment 29 errata-xmlrpc 2023-09-18 14:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5200 https://access.redhat.com/errata/RHSA-2023:5200

Comment 30 errata-xmlrpc 2023-09-18 15:15:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5204 https://access.redhat.com/errata/RHSA-2023:5204

Comment 31 errata-xmlrpc 2023-09-18 15:16:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5205 https://access.redhat.com/errata/RHSA-2023:5205

Comment 32 errata-xmlrpc 2023-09-19 07:58:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2023:5222 https://access.redhat.com/errata/RHSA-2023:5222

Comment 33 errata-xmlrpc 2023-09-19 08:01:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5223 https://access.redhat.com/errata/RHSA-2023:5223

Comment 34 errata-xmlrpc 2023-09-19 08:01:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5214 https://access.redhat.com/errata/RHSA-2023:5214

Comment 35 errata-xmlrpc 2023-09-19 08:01:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5224 https://access.redhat.com/errata/RHSA-2023:5224

Comment 37 errata-xmlrpc 2023-09-19 12:41:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5236 https://access.redhat.com/errata/RHSA-2023:5236

Comment 40 errata-xmlrpc 2023-09-20 07:00:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5309 https://access.redhat.com/errata/RHSA-2023:5309

Comment 44 Sandipan Roy 2023-09-28 09:14:38 UTC
*** Bug 2240759 has been marked as a duplicate of this bug. ***

