CVE-2023-4863

NameCVE-2023-4863
DescriptionHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3568-1, DLA-3569-1, DLA-3570-1, DSA-5496-1, DSA-5497-1, DSA-5497-2, DSA-5498-1
Debian Bugs1051787

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium (PTS)buster, buster (security)90.0.4430.212-1~deb10u1vulnerable
bullseye (security), bullseye120.0.6099.224-1~deb11u1fixed
bookworm121.0.6167.139-1~deb12u1fixed
bookworm (security)126.0.6478.56-1~deb12u1fixed
trixie125.0.6422.60-1fixed
sid126.0.6478.56-1fixed
firefox (PTS)sid127.0-1fixed
firefox-esr (PTS)buster91.12.0esr-1~deb10u1vulnerable
buster (security)115.12.0esr-1~deb10u1fixed
bullseye115.7.0esr-1~deb11u1fixed
bullseye (security)115.12.0esr-1~deb11u1fixed
bookworm115.7.0esr-1~deb12u1fixed
bookworm (security)115.12.0esr-1~deb12u1fixed
trixie115.11.0esr-1fixed
sid115.12.0esr-1fixed
libwebp (PTS)buster0.6.1-2+deb10u1vulnerable
buster (security)0.6.1-2+deb10u3fixed
bullseye (security), bullseye0.6.1-2.1+deb11u2fixed
bookworm, bookworm (security)1.2.4-0.2+deb12u1fixed
sid, trixie1.4.0-0.1fixed
thunderbird (PTS)buster1:91.12.0-1~deb10u1vulnerable
buster (security)1:115.12.0-1~deb10u1fixed
bullseye1:115.7.0-1~deb11u1fixed
bullseye (security)1:115.11.0-1~deb11u1fixed
bookworm1:115.7.0-1~deb12u1fixed
bookworm (security)1:115.11.0-1~deb12u1fixed
trixie1:115.11.0-1fixed
sid1:115.12.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromiumsourcebuster(unfixed)end-of-life
chromiumsource(unstable)117.0.5938.62-1unimportant
firefoxsource(unstable)117.0.1-1
firefox-esrsourcebuster102.15.1esr-1~deb10u1DLA-3568-1
firefox-esrsourcebullseye102.15.1esr-1~deb11u1DSA-5496-1
firefox-esrsourcebookworm102.15.1esr-1~deb12u1DSA-5496-1
firefox-esrsource(unstable)115.2.1esr-1
libwebpsourcebuster0.6.1-2+deb10u3DLA-3570-1
libwebpsourcebullseye0.6.1-2.1+deb11u2DSA-5497-2
libwebpsourcebookworm1.2.4-0.2+deb12u1DSA-5497-1
libwebpsource(unstable)1.2.4-0.31051787
thunderbirdsourcebuster1:102.15.1-1~deb10u1DLA-3569-1
thunderbirdsourcebullseye1:102.15.1-1~deb11u1DSA-5498-1
thunderbirdsourcebookworm1:102.15.1-1~deb12u1DSA-5498-1
thunderbirdsource(unstable)1:115.2.2-1

Notes

[buster] - chromium <end-of-life> (see DSA 5046)
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
src:chromium builds against the system libwebp library
Fixed by: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
Followup: https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/#CVE-2023-4863

Search for package or bug name: Reporting problems