Bug 2240759 (CVE-2023-5129) - CVE-2023-5129 libwebp: out-of-bounds write with a specially crafted WebP lossless file
Status: CLOSED DUPLICATE of bug 2238431
Alias: CVE-2023-5129
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2241119 2241120 2241121 2241122
Blocks: 2240760
Reported: 2023-09-26 10:39 UTC by TEJ RATHI
Modified: 2023-10-09 19:13 UTC

Fixed In Version:
Doc Text:
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Clone Of:
Last Closed: 2023-09-28 09:01:32 UTC

Description TEJ RATHI 2023-09-26 10:39:10 UTC
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.

The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.

The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
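
Added example (not libwebp code and not part of the original report): a size check of the kind the description implies, computing how many entries a two-level lookup table needs for a given set of code lengths before anything is written. The names `table_entries_needed`, `table_fits` and `kSkewed` are hypothetical, the 8-bit root and the 256-entry allocation are assumed for illustration, and the sample code lengths are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_ALLOWED_CODE_LENGTH 15  /* limit named in the bug description */

/* Index bits of the second-level table that starts at code length len. */
static int next_table_bits(const int *count, int len, int root_bits) {
    int left = 1 << (len - root_bits);
    for (; len < MAX_ALLOWED_CODE_LENGTH; ++len, left <<= 1) {
        left -= count[len];
        if (left <= 0) break;
    }
    return len - root_bits;
}

/* Entries for the root table plus every second-level table; 0 if the
 * lengths are not a complete prefix code. Assumes 1 <= root_bits <= 15. */
size_t table_entries_needed(const unsigned char *lengths, int n, int root_bits) {
    int count[MAX_ALLOWED_CODE_LENGTH + 1] = {0};
    size_t total = (size_t)1 << root_bits;   /* first-level table */
    long open = 1, last_prefix = -1;
    unsigned code = 0;                       /* canonical code, MSB first */
    for (int i = 0; i < n; ++i) {
        if (lengths[i] > MAX_ALLOWED_CODE_LENGTH) return 0;
        ++count[lengths[i]];
    }
    for (int len = 1; len <= MAX_ALLOWED_CODE_LENGTH; ++len) {
        open = (open << 1) - count[len];
        if (open < 0) return 0;              /* over-subscribed code */
        code <<= 1;
        for (; count[len] > 0; --count[len], ++code) {
            /* Codes sharing their top root_bits share one second-level table. */
            if (len <= root_bits || (long)(code >> (len - root_bits)) == last_prefix) continue;
            total += (size_t)1 << next_table_bits(count, len, root_bits);
            last_prefix = (long)(code >> (len - root_bits));
        }
    }
    return open == 0 ? total : 0;            /* incomplete code rejected */
}

/* Constructed sample: 16 symbols, code lengths 1..15 plus a second 15. */
static const unsigned char kSkewed[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,15};

/* Bounds check to run before any table entry is written. */
int table_fits(const unsigned char *lengths, int n, int root_bits, size_t allocated) {
    size_t need = table_entries_needed(lengths, n, root_bits);
    return need != 0 && need <= allocated;
}

int main(void) {
    printf("needed=%zu fits_in_256=%d\n", table_entries_needed(kSkewed, 16, 8), table_fits(kSkewed, 16, 8, 256));
    return 0;
}
```

For the constructed sample, the codes longer than 8 bits all share one root prefix and need a single 128-entry second-level table, so a buffer sized only for the 256-entry first level is too small.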


Comment 7 Sandipan Roy 2023-09-28 06:56:33 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2241119]
Affects: fedora-all [bug 2241120]

Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 2241122]

Created libwebp tracking bugs for this issue:

Affects: fedora-all [bug 2241121]

Comment 9 Sandipan Roy 2023-09-28 09:14:38 UTC

*** This bug has been marked as a duplicate of bug 2238431 ***