CVE-2023-4863

NameCVE-2023-4863
DescriptionHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3568-1, DLA-3569-1, DLA-3570-1, DSA-5496-1, DSA-5497-1, DSA-5497-2, DSA-5498-1
Debian Bugs1051787

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium (PTS)bullseye (security), bullseye120.0.6099.224-1~deb11u1fixed
bookworm130.0.6723.91-1~deb12u1fixed
bookworm (security)130.0.6723.116-1~deb12u1fixed
trixie130.0.6723.91-2fixed
sid130.0.6723.116-1fixed
firefox (PTS)sid132.0.2-1fixed
firefox-esr (PTS)bullseye115.14.0esr-1~deb11u1fixed
bullseye (security)128.4.0esr-1~deb11u1fixed
bookworm128.3.1esr-1~deb12u1fixed
bookworm (security)128.4.0esr-1~deb12u1fixed
sid, trixie128.4.0esr-1fixed
libwebp (PTS)bullseye (security), bullseye0.6.1-2.1+deb11u2fixed
bookworm, bookworm (security)1.2.4-0.2+deb12u1fixed
sid, trixie1.4.0-0.1fixed
thunderbird (PTS)bullseye1:115.12.0-1~deb11u1fixed
bullseye (security)1:128.4.3esr-1~deb11u1fixed
bookworm1:115.16.0esr-1~deb12u1fixed
bookworm (security)1:128.4.3esr-1~deb12u1fixed
sid, trixie1:128.4.3esr-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromiumsourcebuster(unfixed)end-of-life
chromiumsource(unstable)117.0.5938.62-1unimportant
firefoxsource(unstable)117.0.1-1
firefox-esrsourcebuster102.15.1esr-1~deb10u1DLA-3568-1
firefox-esrsourcebullseye102.15.1esr-1~deb11u1DSA-5496-1
firefox-esrsourcebookworm102.15.1esr-1~deb12u1DSA-5496-1
firefox-esrsource(unstable)115.2.1esr-1
libwebpsourcebuster0.6.1-2+deb10u3DLA-3570-1
libwebpsourcebullseye0.6.1-2.1+deb11u2DSA-5497-2
libwebpsourcebookworm1.2.4-0.2+deb12u1DSA-5497-1
libwebpsource(unstable)1.2.4-0.31051787
thunderbirdsourcebuster1:102.15.1-1~deb10u1DLA-3569-1
thunderbirdsourcebullseye1:102.15.1-1~deb11u1DSA-5498-1
thunderbirdsourcebookworm1:102.15.1-1~deb12u1DSA-5498-1
thunderbirdsource(unstable)1:115.2.2-1

Notes

[buster] - chromium <end-of-life> (see DSA 5046)
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
src:chromium builds against the system libwebp library
Fixed by: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
Followup: https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/#CVE-2023-4863

Search for package or bug name: Reporting problems