RUSTSEC-2023-0060

Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0060.json

Aliases

CVE-2023-4863 ( GHSA-j7hp-h8jx-5ppr, RUSTSEC-2023-0061 )

Published

2023-09-12T12:00:00Z

Modified

2023-09-13T14:10:22Z

Details

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.

libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".

References

https://crates.io/crates/libwebp-sys2
https://rustsec.org/advisories/RUSTSEC-2023-0060.html

Affected packages

crates.io / libwebp-sys2

Source Details

Package Name: libwebp-sys2

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.1.8

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}