CVE-2023-1999

NameCVE-2023-1999
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3391-1, DLA-3400-1, DLA-3439-1, DSA-5385-1, DSA-5392-1, DSA-5408-1
Debian Bugs1035371

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid114.0-1fixed
firefox-esr (PTS)buster91.12.0esr-1~deb10u1vulnerable
buster (security)102.12.0esr-1~deb10u1fixed
bullseye102.10.0esr-1~deb11u1fixed
bullseye (security)102.11.0esr-1~deb11u1fixed
bookworm102.11.0esr-1fixed
sid102.12.0esr-1fixed
libwebp (PTS)buster0.6.1-2+deb10u1vulnerable
buster (security)0.6.1-2+deb10u2fixed
bullseye0.6.1-2.1vulnerable
bullseye (security)0.6.1-2.1+deb11u1fixed
bookworm, sid1.2.4-0.2fixed
thunderbird (PTS)buster1:91.12.0-1~deb10u1vulnerable
buster (security)1:102.11.0-1~deb10u1fixed
bullseye1:102.10.0-1~deb11u1fixed
bullseye (security)1:102.11.0-1~deb11u1fixed
bookworm, sid1:102.11.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)112.0-1
firefox-esrsourcebuster102.10.0esr-1~deb10u1DLA-3391-1
firefox-esrsourcebullseye102.10.0esr-1~deb11u1DSA-5385-1
firefox-esrsource(unstable)102.10.0esr-1
libwebpsourcebuster0.6.1-2+deb10u2DLA-3439-1
libwebpsourcebullseye0.6.1-2.1+deb11u1DSA-5408-1
libwebpsource(unstable)1.2.4-0.21035371
thunderbirdsourcebuster1:102.10.0-1~deb10u1DLA-3400-1
thunderbirdsourcebullseye1:102.10.0-1~deb11u1DSA-5392-1
thunderbirdsource(unstable)1:102.10.0-1

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999
https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 (not public)
https://hg.mozilla.org/releases/mozilla-esr102/rev/53b805c752ff23080e100eda2b3b4280d4370b2e
https://chromium.googlesource.com/webm/libwebp/+/4654e1e7381044717d5d3e0dd7e735633a3ff300 (1.3.0)
Fixed by: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129 (v1.3.1-rc1)
Introduced by: https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c (v0.5.0-rc1)
Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)
Search for package or bug name: Reporting problems