CVE-2023-4863

NameCVE-2023-4863
DescriptionHeap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3568-1, DLA-3569-1, DLA-3570-1, DSA-5496-1, DSA-5497-1, DSA-5497-2, DSA-5498-1
Debian Bugs1051787

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium (PTS)buster, buster (security)90.0.4430.212-1~deb10u1vulnerable
bullseye112.0.5615.138-1~deb11u1vulnerable
bullseye (security)117.0.5938.62-1~deb11u1vulnerable
bookworm114.0.5735.198-1~deb12u1vulnerable
bookworm (security)117.0.5938.62-1~deb12u1vulnerable
trixie116.0.5845.140-1vulnerable
sid117.0.5938.62-1fixed
firefox (PTS)sid117.0.1-1fixed
firefox-esr (PTS)buster91.12.0esr-1~deb10u1vulnerable
buster (security)102.15.1esr-1~deb10u1fixed
bullseye102.10.0esr-1~deb11u1vulnerable
bullseye (security)102.15.1esr-1~deb11u1fixed
bookworm102.13.0esr-1~deb12u1vulnerable
bookworm (security)102.15.1esr-1~deb12u1fixed
sid, trixie115.2.1esr-1fixed
libwebp (PTS)buster0.6.1-2+deb10u1vulnerable
buster (security)0.6.1-2+deb10u3fixed
bullseye0.6.1-2.1vulnerable
bullseye (security)0.6.1-2.1+deb11u2fixed
bookworm1.2.4-0.2vulnerable
bookworm (security)1.2.4-0.2+deb12u1fixed
sid, trixie1.3.2-0.3fixed
thunderbird (PTS)buster1:91.12.0-1~deb10u1vulnerable
buster (security)1:102.15.1-1~deb10u1fixed
bullseye1:102.10.0-1~deb11u1vulnerable
bullseye (security)1:102.15.1-1~deb11u1fixed
bookworm1:102.13.0-1~deb12u1vulnerable
bookworm (security)1:102.15.1-1~deb12u1fixed
sid, trixie1:115.2.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromiumsourcebuster(unfixed)end-of-life
chromiumsource(unstable)117.0.5938.62-1unimportant
firefoxsource(unstable)117.0.1-1
firefox-esrsourcebuster102.15.1esr-1~deb10u1DLA-3568-1
firefox-esrsourcebullseye102.15.1esr-1~deb11u1DSA-5496-1
firefox-esrsourcebookworm102.15.1esr-1~deb12u1DSA-5496-1
firefox-esrsource(unstable)115.2.1esr-1
libwebpsourcebuster0.6.1-2+deb10u3DLA-3570-1
libwebpsourcebullseye0.6.1-2.1+deb11u2DSA-5497-2
libwebpsourcebookworm1.2.4-0.2+deb12u1DSA-5497-1
libwebpsource(unstable)1.2.4-0.31051787
thunderbirdsourcebuster1:102.15.1-1~deb10u1DLA-3569-1
thunderbirdsourcebullseye1:102.15.1-1~deb11u1DSA-5498-1
thunderbirdsourcebookworm1:102.15.1-1~deb12u1DSA-5498-1
thunderbirdsource(unstable)1:115.2.2-1

Notes

[buster] - chromium <end-of-life> (see DSA 5046)
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
src:chromium builds against the system libwebp library
Fixed by: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
Followup: https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/#CVE-2023-4863

Search for package or bug name: Reporting problems