CVE-2023-4863

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4863.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4863
Aliases
Downstream
Related
Published
2023-09-12T15:15:24Z
Modified
2025-10-21T13:31:30.719530Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

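Heap buffer overflow in libwebp, as used in Google Chrome prior to 116.0.5845.187 and in libwebp prior to 1.3.2, allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Because the affected package recorded below is libwebp itself, the version list applies to any software that bundles or links one of those libwebp releases, not only to Chrome.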

References

Affected packages

Git / github.com/webmproject/libwebp

Affected ranges

Type
GIT
Repo
https://github.com/webmproject/libwebp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.2
v0.1.3
v0.1.99
v0.2.0
v0.2.0-rc1
v0.2.1
v0.3.0
v0.3.0-rc6
v0.3.0-rc7
v0.3.1
v0.3.1-rc1
v0.3.1-rc2
v0.4.0
v0.4.0-rc1
v0.4.1
v0.4.1-rc1
v0.5.0
v0.5.0-rc1
v0.5.1
v0.5.1-rc5
v0.5.2
v0.5.2-rc2
v0.6.0
v0.6.0-rc2
v0.6.0-rc3
v0.6.1
v0.6.1-rc2

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.1-rc2
v1.0.2
v1.0.2-rc1
v1.0.3
v1.0.3-rc1
v1.1.0
v1.1.0-rc2
v1.2.0
v1.2.0-rc3
v1.2.1
v1.2.1-rc2
v1.2.2
v1.2.2-rc1
v1.2.2-rc2
v1.2.3
v1.2.3-rc1
v1.2.4
v1.3.0
v1.3.0-rc1
v1.3.1
v1.3.1-rc1
v1.3.1-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
        "signature_version": "v1",
        "target": {
            "file": "src/dec/vp8li_dec.h"
        },
        "digest": {
            "line_hashes": [
                "20134740730605791402509200455302630941",
                "136648906070994206943738037015888819806",
                "232356828012318700083917498119399758794",
                "37020882375958065571817200082347569363"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-4863-3703e29f"
    },
    {
        "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
        "signature_version": "v1",
        "target": {
            "file": "src/utils/huffman_utils.h"
        },
        "digest": {
            "line_hashes": [
                "210680425751445647392974712312166516434",
                "31176131428327197556084923347153299803",
                "91413042216609002235528185241791249822",
                "273450130334326004710231764491864605384",
                "97403937494087092732307438335378299067",
                "183915759203804892541396210553818051906",
                "218815111059650688860257620488376646006"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-4863-903fc9e4"
    },
    {
        "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
        "signature_version": "v1",
        "target": {
            "file": "src/dec/vp8l_dec.c"
        },
        "digest": {
            "line_hashes": [
                "271948026291282679915020711765944277644",
                "262252171417285278396190219750969423297",
                "148769860740082019780466540147402480452",
                "210145805502744439188840045708050512589",
                "35045463450424597200053605992676636204",
                "64766116049401205963382856096159133016",
                "199857997552244871809490827006375407869",
                "19508379791752261999511906430439999976",
                "228171279559466439552632197667773266539",
                "151576406092307753477191614656856352818",
                "253045320118918568491627921939403555705",
                "130445939594778113211731509372766920561",
                "120076622227917682491764850393839101917",
                "284362866993109694925581498077114712657",
                "137003821122577824635294804739146166789",
                "112588836660070022639592100708547253158",
                "80951286132688567743133278832665098378",
                "269574673249262310077259878437192371215",
                "252443284945298872410908993903016361511",
                "159257432654087281696134800911303867693",
                "291750083337732318662709987572573616830",
                "169088151181716300303842140093765755918",
                "73550526054077245811164979480865709647",
                "137425105189849639014823927868322683325",
                "291243115522035543821384978063358782303",
                "178642488364606593579676655197420657813",
                "298358522057652572101438670807195076303",
                "296404297189211934789742530714505713594",
                "247530072585474083441594850150604125475",
                "279560637154054723920761559897853486777",
                "202655542227860580080550069313697685541",
                "300383687110456121784217000941022389469",
                "192297749408518192473170605731069214262",
                "283940877786059570739337614271542237873",
                "276748998161991204499405585688807490389",
                "225298851476652200041146005344964915850",
                "25926333490899675358408004217915439110",
                "121271864338623016227831636388829667369",
                "3261922525234354196880407410666053244",
                "93490408030208102553449128636581277522",
                "56169827678954796002461554515733955394",
                "146434498251422795792724255787630145257",
                "180061472657521040892563784991030675291",
                "28456919384561916568486403753570021157",
                "141591542593831588193439876159158717749",
                "143026966034998223926469464146658131125",
                "214863518128816089569328548838396476266",
                "181159102842818032171371684569701144472",
                "100549082727312540877472668665834378775",
                "43581069938430831587912090271434024516",
                "73651109845734901883398747017515852367",
                "115445385881407562798806355037454872759",
                "110463014747451642918800005342832693488",
                "254069557418689661914117668276367867146",
                "328830259662328988457898205652053121965",
                "238858969565005325952513859319399381516",
                "111234782651036060340979675411769789231",
                "172081266457316932040744692285306655916",
                "248566039298899952992969157639115673789",
                "119985745181292829676238729059280428135",
                "167694533597920009083942283657848514212",
                "264725772127853413985386923114761986085",
                "319322622918909763052091702521534025749",
                "298957801119027805276587464952973149993",
                "62837709564002461020449103231436455248",
                "313049931741831224027067891725458321568",
                "234345581826703249538457366286627621387",
                "200300177457112355832449360393082008763",
                "48551747108970203382132381719056013424",
                "274300588330689046282791831363004929420",
                "309105406738991267509915155779836680981",
                "310052527010005599966394898527644151396"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-4863-ccb3931c"
    },
    {
        "source": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
        "signature_version": "v1",
        "target": {
            "file": "src/utils/huffman_utils.c"
        },
        "digest": {
            "line_hashes": [
                "204781606502151800260619611752625644818",
                "185106167987738524761390329650955829619",
                "305816608561040735805928812483133554564",
                "59392845666000361311742466361202540751",
                "163544756746094738569689619927773583208",
                "64351449055211388586989071028165712970",
                "18629077194446828728726317177332368712",
                "223007749125293494574594639015320091978",
                "236680345559470387610260309003459465438",
                "226067468273456595296407121508288106200",
                "321923281581885145865730435223215193746",
                "231666192913856095838086834941208983265",
                "181054860789483302711806005905772321308",
                "79258257990473166470619511931141812522",
                "200328652613175569443260201006420835059",
                "6676361250043582523572721889987948436",
                "200076656036652498604570028039742429935",
                "189120569564892762059446620707941915190",
                "323711977447033501678429042127603698316",
                "269845760469900685143393871538905460386",
                "4720203203833394296686175345248656821",
                "56107595494770414169033152965635542500",
                "220250410205055553327705516994151907780",
                "139029986952383583081732583543121227225",
                "225906645224314157815939602383793184376",
                "155588090218342557940253942580447666642",
                "309051081962351778948184717950795815509",
                "245539949468760808910768168636209190145",
                "244292944973542475936500071963500771088",
                "94475619690918640400365047181728977924",
                "195366773349676590075927548152953695014",
                "279482347794562642676571009996899462113",
                "48927683219126065761174863204405289860",
                "214789503505984548988643500713495921103",
                "25920949994098500062101683129657787955",
                "40948343052415876263205953168564566778",
                "32377182047332644615623785857061877577",
                "213828181346851087381515831448269560908",
                "261689318391222986394302351952710236908"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-4863-ecfb528b"
    }
]