CVE-2023-4863 in vendored libwebp (#1780)

Kornel
2023-09-13 15:09:35 +01:00
committed by GitHub
parent 1b75b995e7
commit 0636c357b3
2 changed files with 36 additions and 0 deletions

@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libwebp-sys"
date = "2023-09-12"
categories = ["memory-corruption"]
keywords = ["webp"]
aliases = ["CVE-2023-4863"]
[versions]
patched = [">= 0.9.3"]
```
# libwebp: OOB write in BuildHuffmanTable
[Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.
libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".
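
Review bot: `categories` lists only "memory-corruption", but the description below it states RCE that is exploited in the wild; adding "code-execution" would let consumers that filter advisories by category see the actual impact. The closing sentence "libwebp needs to be updated" also leaves the crate user's action implicit: consider saying that upgrading libwebp-sys to a version matching `patched = [">= 0.9.3"]` is what brings in the fixed vendored libwebp.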

@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libwebp-sys2"
date = "2023-09-12"
categories = ["memory-corruption"]
keywords = ["webp"]
aliases = ["CVE-2023-4863"]
[versions]
patched = [">= 0.1.8"]
```
# libwebp: OOB write in BuildHuffmanTable
[Google](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html) and [Mozilla](https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/) have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild.
libwebp needs to be updated to include a patch for "OOB write in BuildHuffmanTable".
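
Review bot: the `[advisory]` table has no `url` field, so the Google and Mozilla references exist only as links in the markdown body; setting `url` to one of them gives tools a machine-readable reference for CVE-2023-4863. The description is copied verbatim from the libwebp-sys advisory and never names this crate, so a sentence tying the fix to libwebp-sys2 and `patched = [">= 0.1.8"]` would make the file self-explanatory when read on its own.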