GHSA-j7hp-h8jx-5ppr

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json

Aliases

CVE-2023-4863 ( RUSTSEC-2023-0060, RUSTSEC-2023-0061 )

Published

2023-09-12T15:30:20Z

Modified

2023-09-22T19:31:22.626785Z

Details

Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

References

Affected packages

crates.io / libwebp-sys2

Source Details

Package Name: libwebp-sys2

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.1.8

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

crates.io / libwebp-sys

Source Details

Package Name: libwebp-sys

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.9.3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

npm / electron

Source Details

Package Name: electron

Affected ranges

Type: SEMVER
Events: Introduced

22.0.0

Fixed

22.3.24

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

npm / electron

Source Details

Package Name: electron

Affected ranges

Type: SEMVER
Events: Introduced

24.0.0

Fixed

24.8.3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

npm / electron

Source Details

Package Name: electron

Affected ranges

Type: SEMVER
Events: Introduced

25.0.0

Fixed

25.8.1

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

npm / electron

Source Details

Package Name: electron

Affected ranges

Type: SEMVER
Events: Introduced

26.0.0

Fixed

26.2.1

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

npm / electron

Source Details

Package Name: electron

Affected ranges

Type: SEMVER
Events: Introduced

27.0.0-beta.1

Fixed

27.0.0-beta.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

NuGet / SkiaSharp

Source Details

Package Name: SkiaSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.88.6

Affected versions

2.*

2.80.0

2.80.1

2.80.2

2.80.3

2.80.4

2.88.0

2.88.1

2.88.2

2.88.3

2.88.4

2.88.5

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

Go / github.com/chai2010/webp

Source Details

Package Name: github.com/chai2010/webp

Affected ranges

Type: SEMVER
Events: Introduced

1.0.0

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}