GHSA-j646-gj5p-p45g

Source

https://github.com/advisories/GHSA-j646-gj5p-p45g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-j646-gj5p-p45g/GHSA-j646-gj5p-p45g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j646-gj5p-p45g

Published

2023-09-21T17:11:42Z

Modified

2024-12-07T05:40:04.584179Z

Summary

CefSharp affected by heap buffer overflow in WebP

Details

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

https://www.cve.org/CVERecord?id=CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-21T17:11:42Z"
}

References

Affected packages

NuGet / CefSharp.Common

Package

Name: CefSharp.Common; View open source insights on deps.dev
Purl: pkg:nuget/CefSharp.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

116.0.230

Affected versions

31.*

31.0.0-pre1

33.*

33.0.0

33.0.2

33.1.0-pre01

37.*

37.0.0-pre01

37.0.0-pre02

37.0.0

37.0.1

37.0.2

37.0.3

39.*

39.0.0-pre01

39.0.0-pre02

39.0.0-pre03

39.0.0

39.0.1

39.0.2

41.*

41.0.0-pre01

41.0.0

41.0.1

43.*

43.0.0-pre01

43.0.0-pre02

43.0.0

43.0.1

45.*

45.0.0-pre01

45.0.0

47.*

47.0.0-pre01

47.0.0

47.0.1

47.0.2

47.0.3

47.0.4

49.*

49.0.0-pre01

49.0.0-pre02

49.0.0

49.0.1

51.*

51.0.0-pre01

51.0.0-pre02

51.0.0

53.*

53.0.0-pre01

53.0.0

53.0.1

55.*

55.0.0-pre01

55.0.0

57.*

57.0.0-pre01

57.0.0

62.*

62.0.0-pre01

62.0.0-proprietary-codecs

62.0.0-proprietary-codecs2

63.*

63.0.0-pre01

63.0.0-pre02

63.0.0-pre03

63.0.0

63.0.1

63.0.2

63.0.3

65.*

65.0.0-pre01

65.0.0-pre02

65.0.0

65.0.1

67.*

67.0.0-pre01

67.0.0

69.*

69.0.0-pre01

69.0.0

71.*

71.0.0-pre01

71.0.0

71.0.1

71.0.2

73.*

73.1.120-pre01

73.1.130

75.*

75.1.140-pre01

75.1.141

75.1.142

75.1.143

79.*

79.1.310-pre

79.1.350

79.1.360

81.*

81.3.20-pre

81.3.100

83.*

83.3.120-pre

83.4.20

84.*

84.3.10-pre

84.4.10

85.*

85.3.120-pre

85.3.121-pre

85.3.121

85.3.130

86.*

86.0.240-pre

86.0.241

87.*

87.1.130-pre

87.1.131-pre

87.1.132

88.*

88.2.40-pre

88.2.90

89.*

89.0.140-pre

89.0.170

90.*

90.5.70-pre

90.6.50

90.6.70

91.*

91.1.60-pre

91.1.160

91.1.210

91.1.211

91.1.230

92.*

92.0.250-pre

92.0.251

92.0.260

93.*

93.1.110-pre

93.1.111

93.1.140

94.*

94.3.0-pre

94.4.20

94.4.50

94.4.110

95.*

95.7.140-pre

95.7.141

96.*

96.0.140-pre

96.0.141

96.0.142

96.0.170

96.0.180

97.*

97.1.10-pre

97.1.11

97.1.12

97.1.60

97.1.61

98.*

98.1.190

98.1.210

99.*

99.2.90

99.2.120

99.2.140

100.*

100.0.120-pre

100.0.140

100.0.230

101.*

101.0.150

101.0.180

102.*

102.0.90

102.0.100

103.*

103.0.80

103.0.90

103.0.120

104.*

104.4.180

104.4.240

105.*

105.3.330

105.3.390

106.*

106.0.260

106.0.290

107.*

107.1.40

107.1.50

107.1.90

107.1.120

108.*

108.4.130

109.*

109.1.110

110.*

110.0.250

110.0.280

110.0.300

111.*

111.2.20

111.2.70

112.*

112.2.70

112.3.0

113.*

113.1.40

113.3.50

114.*

114.2.100

114.2.120

115.*

115.3.110

115.3.130

116.*

116.0.130

116.0.150

116.0.190

NuGet / CefSharp.Common.NETCore