{"id":"CVE-2023-4863","details":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp prior to 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Note: the defect is in libwebp itself (the fix commit referenced below touches the library's VP8L lossless decoder and Huffman utilities), so any application that decodes untrusted WebP images with an unpatched libwebp is exposed, not only Chrome; see the aliases (e.g. CVE-2023-5129) and related advisories for other affected packages. This CVE is listed in the CISA Known Exploited Vulnerabilities catalog and was reported as exploited in the wild.","aliases":["A-299477569","ASB-A-299477569","CVE-2023-5129","GHSA-j7hp-h8jx-5ppr","RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"modified":"2026-04-16T04:33:45.410927132Z","published":"2023-09-12T15:15:24.327Z","related":["ALSA-2023:5184","ALSA-2023:5200","ALSA-2023:5201","ALSA-2023:5214","ALSA-2023:5224","ALSA-2023:5309","CGA-75hp-cxgv-82q3","PYSEC-2023-174","PYSEC-2023-175","PYSEC-2023-181","PYSEC-2023-182","PYSEC-2023-183","PYSEC-2023-184","SUSE-SU-2023:3609-1","SUSE-SU-2023:3610-1","SUSE-SU-2023:3626-1","SUSE-SU-2023:3634-1","SUSE-SU-2023:3664-1","SUSE-SU-2023:3794-1","SUSE-SU-2023:3829-1","openSUSE-SU-2023:0246-1","openSUSE-SU-2023:0247-1","openSUSE-SU-2023:0278-1","openSUSE-SU-2024:13227-1","openSUSE-SU-2024:13228-1","openSUSE-SU-2024:13229-1","openSUSE-SU-2024:13231-1","openSUSE-SU-2024:13232-1","openSUSE-SU-2024:13255-1","openSUSE-SU-2024:13265-1","openSUSE-SU-2024:13266-1","openSUSE-SU-2024:13270-1","openSUSE-SU-2024:13271-1","openSUSE-SU-2024:13284-1","openSUSE-SU-2024:13338-1","openSUSE-SU-2024:13353-1","openSUSE-SU-2024:13462-1","openSUSE-SU-2024:13484-1","openSUSE-SU-2024:13595-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"},{"type":"ADVISORY","url":"https://en.bandisoft.com/honeyview/history/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-05"},{"type":"ADVISORY","url":"https://www.bentley.com/advisories/be-2023-0001/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5498"},{"typ
e":"ADVISORY","url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"},{"type":"ADVISORY","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"},{"type":"ADVISORY","url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"},{"type":"ADVISORY","url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-10"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230929-0011/"},{"type":"REPORT","url":"https://crbug.com/1479274"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231"},{"type":"REPORT","url":"https://security-tracker.debian.org/tracker/CVE-2023-4863"},{"type":"FIX","url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"},{"type":"FIX","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/28/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/28/2"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/3"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/5"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/28/4"},{"type":"ARTICLE","url":"https://www.debian.org/security/2023/dsa-5497"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fed
oraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"},{"type":"ARTICLE","url":"https://www.debian.org/security/2023/dsa-5496"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/4"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/7"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/21/4"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/6"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/22/8"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/26/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/09/26/7"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"},{"type":"EVIDENCE","url":"https://blog.isosceles.com/the-webp-0day/"},{"type":"EVIDENCE","url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"},{"type":"EVIDENCE","url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"},{"type":"EVIDENCE","url":"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"},{"type":"EVIDENCE","url":"https://news.ycombinator.com/item?id=37478403"}],"affected":[{"ranges":[{"type":"GIT","repo":"http
s://github.com/webmproject/libwebp","events":[{"introduced":"0"},{"fixed":"ca332209cb5567c9b249c86788cb2dbf8847e760"},{"fixed":"902bc9190331343b2017211debcec8d2ab87e17a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.2"}]}}],"versions":["v0.1.2","v0.1.3","v1.0.2","v1.0.2-rc1","v1.0.3","v1.0.3-rc1","v1.3.1","v1.3.1-rc1","v1.3.1-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4863.json","vanir_signatures_modified":"2026-04-12T06:44:51Z","vanir_signatures":[{"source":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","digest":{"threshold":0.9,"line_hashes":["20134740730605791402509200455302630941","136648906070994206943738037015888819806","232356828012318700083917498119399758794","37020882375958065571817200082347569363"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"src/dec/vp8li_dec.h"},"id":"CVE-2023-4863-3703e29f"},{"source":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","digest":{"threshold":0.9,"line_hashes":["210680425751445647392974712312166516434","31176131428327197556084923347153299803","91413042216609002235528185241791249822","273450130334326004710231764491864605384","97403937494087092732307438335378299067","183915759203804892541396210553818051906","218815111059650688860257620488376646006"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"src/utils/huffman_utils.h"},"id":"CVE-2023-4863-903fc9e4"},{"source":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","digest":{"threshold":0.9,"line_hashes":["271948026291282679915020711765944277644","262252171417285278396190219750969423297","148769860740082019780466540147402480452","210145805502744439188840045708050512589","35045463450424597200053605992676636204","64766116049401205963382856096159133016","199857997552244871809490827006375407869","195
08379791752261999511906430439999976","228171279559466439552632197667773266539","151576406092307753477191614656856352818","253045320118918568491627921939403555705","130445939594778113211731509372766920561","120076622227917682491764850393839101917","284362866993109694925581498077114712657","137003821122577824635294804739146166789","112588836660070022639592100708547253158","80951286132688567743133278832665098378","269574673249262310077259878437192371215","252443284945298872410908993903016361511","159257432654087281696134800911303867693","291750083337732318662709987572573616830","169088151181716300303842140093765755918","73550526054077245811164979480865709647","137425105189849639014823927868322683325","291243115522035543821384978063358782303","178642488364606593579676655197420657813","298358522057652572101438670807195076303","296404297189211934789742530714505713594","247530072585474083441594850150604125475","279560637154054723920761559897853486777","202655542227860580080550069313697685541","300383687110456121784217000941022389469","192297749408518192473170605731069214262","283940877786059570739337614271542237873","276748998161991204499405585688807490389","225298851476652200041146005344964915850","25926333490899675358408004217915439110","121271864338623016227831636388829667369","3261922525234354196880407410666053244","93490408030208102553449128636581277522","56169827678954796002461554515733955394","146434498251422795792724255787630145257","180061472657521040892563784991030675291","28456919384561916568486403753570021157","141591542593831588193439876159158717749","143026966034998223926469464146658131125","214863518128816089569328548838396476266","181159102842818032171371684569701144472","100549082727312540877472668665834378775","43581069938430831587912090271434024516","73651109845734901883398747017515852367","115445385881407562798806355037454872759","110463014747451642918800005342832693488","254069557418689661914117668276367867146","328830259662328988457898205652053121965"
,"238858969565005325952513859319399381516","111234782651036060340979675411769789231","172081266457316932040744692285306655916","248566039298899952992969157639115673789","119985745181292829676238729059280428135","167694533597920009083942283657848514212","264725772127853413985386923114761986085","319322622918909763052091702521534025749","298957801119027805276587464952973149993","62837709564002461020449103231436455248","313049931741831224027067891725458321568","234345581826703249538457366286627621387","200300177457112355832449360393082008763","48551747108970203382132381719056013424","274300588330689046282791831363004929420","309105406738991267509915155779836680981","310052527010005599966394898527644151396"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"src/dec/vp8l_dec.c"},"id":"CVE-2023-4863-ccb3931c"},{"source":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","digest":{"threshold":0.9,"line_hashes":["204781606502151800260619611752625644818","185106167987738524761390329650955829619","305816608561040735805928812483133554564","59392845666000361311742466361202540751","163544756746094738569689619927773583208","64351449055211388586989071028165712970","18629077194446828728726317177332368712","223007749125293494574594639015320091978","236680345559470387610260309003459465438","226067468273456595296407121508288106200","321923281581885145865730435223215193746","231666192913856095838086834941208983265","181054860789483302711806005905772321308","79258257990473166470619511931141812522","200328652613175569443260201006420835059","6676361250043582523572721889987948436","200076656036652498604570028039742429935","189120569564892762059446620707941915190","323711977447033501678429042127603698316","269845760469900685143393871538905460386","4720203203833394296686175345248656821","56107595494770414169033152965635542500","220250410205055553327705516994151907780","139029986952383583081732583543121227225","2259066
45224314157815939602383793184376","155588090218342557940253942580447666642","309051081962351778948184717950795815509","245539949468760808910768168636209190145","244292944973542475936500071963500771088","94475619690918640400365047181728977924","195366773349676590075927548152953695014","279482347794562642676571009996899462113","48927683219126065761174863204405289860","214789503505984548988643500713495921103","25920949994098500062101683129657787955","40948343052415876263205953168564566778","32377182047332644615623785857061877577","213828181346851087381515831448269560908","261689318391222986394302351952710236908"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"src/utils/huffman_utils.c"},"id":"CVE-2023-4863-ecfb528b"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"116.0.5845.187"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.15.1"}]},{"events":[{"introduced":"0"},{"fixed":"117.0.1"}]},{"events":[{"introduced":"115.1.0"},{"fixed":"115.2.1"}]},{"events":[{"introduced":"0"},{"fixed":"102.15.1"}]},{"events":[{"introduced":"115.0"},{"fixed":"115.2.2"}]},{"events":[{"introduced":"0"},{"fixed":"116.0.1938.81"}]},{"events":[{"introduced":"0"},{"fixed":"1.6.00.26463"}]},{"events":[{"introduced":"0"},{"fixed":"1.6.00.26474"}]},{"events":[{"introduced":"0"},{"fixed":"1.0.62681.0"}]},{"events":[{"introduced":"0"},{"fixed":"2023.2"}]},{"events":[{"introduced":"0"},{"fixed":"5.51"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}