CLSA-2023-1697016696
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1697016696.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2023-1697016696
- Upstream
- Published
- 2023-10-11T09:31:40Z
- Modified
- 2026-06-04T10:03:38.529775578Z
- Summary
- Fix CVE(s): CVE-2023-4863, CVE-2023-4836
- Details
-
- SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched
- debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable() is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will make sure that valid (but unoptimized because of unbalanced codes) streams are still decodable.
- debian/patches/CVE-2023-4863-2.patch: fix memory error
- debian/patches/CVE-2023-4863-3.patch: remove unused code
- debian/patches/CVE-2023-4863-4.patch: fix pointer offset int overflow
- CVE-2023-4836
- SECURITY UPDATE: Heap buffer overflow
- References
Affected packages
TuxCare:Ubuntu:18.04 / libwebp-dev
Package
- Name
- libwebp-dev
- Purl
- pkg:deb/tuxcare/libwebp-dev?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / libwebp6
Package
- Name
- libwebp6
- Purl
- pkg:deb/tuxcare/libwebp6?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / libwebpdemux2
Package
- Name
- libwebpdemux2
- Purl
- pkg:deb/tuxcare/libwebpdemux2?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / libwebpmux3
Package
- Name
- libwebpmux3
- Purl
- pkg:deb/tuxcare/libwebpmux3?distro=ubuntu-18.04