CVE-2023-4863 (GCVE-0-2023-4863)

Vulnerability from cvelistv5 – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
VLAI CISA KEV
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Severity
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
  • Heap buffer overflow
Assigner
References
URL Tags
https://chromereleases.googleblog.com/2023/09/sta…
https://crbug.com/1479274
https://en.bandisoft.com/honeyview/history/
https://stackdiary.com/critical-vulnerability-in-…
https://www.mozilla.org/en-US/security/advisories…
https://github.com/webmproject/libwebp/commit/902…
https://msrc.microsoft.com/update-guide/vulnerabi…
https://security-tracker.debian.org/tracker/CVE-2…
https://bugzilla.suse.com/show_bug.cgi?id=1215231
https://news.ycombinator.com/item?id=37478403
https://www.bleepingcomputer.com/news/google/goog…
https://www.debian.org/security/2023/dsa-5496
https://www.debian.org/security/2023/dsa-5497
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.debian.org/debian-lts-announce/2023…
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5498
https://security.gentoo.org/glsa/202309-05
https://lists.debian.org/debian-lts-announce/2023…
https://lists.fedoraproject.org/archives/list/pac…
https://adamcaudill.com/2023/09/14/whose-cve-is-i…
https://github.com/webmproject/libwebp/releases/t…
https://lists.debian.org/debian-lts-announce/2023…
https://lists.fedoraproject.org/archives/list/pac…
http://www.openwall.com/lists/oss-security/2023/09/21/4
https://blog.isosceles.com/the-webp-0day/
http://www.openwall.com/lists/oss-security/2023/09/22/1
http://www.openwall.com/lists/oss-security/2023/09/22/3
http://www.openwall.com/lists/oss-security/2023/09/22/4
http://www.openwall.com/lists/oss-security/2023/09/22/5
http://www.openwall.com/lists/oss-security/2023/09/22/8
http://www.openwall.com/lists/oss-security/2023/09/22/7
http://www.openwall.com/lists/oss-security/2023/09/22/6
http://www.openwall.com/lists/oss-security/2023/09/26/1
http://www.openwall.com/lists/oss-security/2023/09/26/7
http://www.openwall.com/lists/oss-security/2023/09/28/1
http://www.openwall.com/lists/oss-security/2023/09/28/2
http://www.openwall.com/lists/oss-security/2023/09/28/4
https://security.netapp.com/advisory/ntap-2023092…
https://lists.fedoraproject.org/archives/list/pac…
https://sethmlarson.dev/security-developer-in-res…
https://www.bentley.com/advisories/be-2023-0001/
https://security.gentoo.org/glsa/202401-10
Impacted products
Vendor Product Version
Google Chrome Affected: 116.0.5845.187 , < 116.0.5845.187 (custom)
Create a notification for this product.
Google libwebp Affected: 1.3.2 , < 1.3.2 (custom)
Create a notification for this product.
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 75d8c2b1-8c26-406a-b06a-7d4b7a0a022c

Vulnerability ID: CVE-2023-4863

Status: Confirmed

Status Updated: 2023-09-13 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2023-09-13
Asserted: 2023-09-13
Scope
Notes: KEV entry: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability | Affected: Google / Chromium WebP | Description: Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-787
Feed CISA Known Exploited Vulnerabilities Catalog
Product Chromium WebP
Due Date 2023-10-04
Date Added 2023-09-13
Vendorproject Google
Vulnerabilityname Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 13:24 UTC | Updated: 2026-02-06 07:53 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:10.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1479274"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://en.bandisoft.com/honeyview/history/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37478403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5496"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5497"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5498"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.isosceles.com/the-webp-0day/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/advisories/be-2023-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-10"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4863",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-28T05:00:18.341149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-09-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:38.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-09-13T00:00:00.000Z",
            "value": "CVE-2023-4863 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "116.0.5845.187",
              "status": "affected",
              "version": "116.0.5845.187",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "libwebp",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "1.3.2",
              "status": "affected",
              "version": "1.3.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T11:07:27.027Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
        },
        {
          "url": "https://crbug.com/1479274"
        },
        {
          "url": "https://en.bandisoft.com/honeyview/history/"
        },
        {
          "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
        },
        {
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
        },
        {
          "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37478403"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5496"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5497"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5498"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-05"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
        },
        {
          "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
        },
        {
          "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
        },
        {
          "url": "https://blog.isosceles.com/the-webp-0day/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
        },
        {
          "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
        },
        {
          "url": "https://www.bentley.com/advisories/be-2023-0001/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-4863",
    "datePublished": "2023-09-12T14:24:59.275Z",
    "dateReserved": "2023-09-09T01:02:58.312Z",
    "dateUpdated": "2025-10-21T23:05:38.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-4863",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2023-09-13",
      "dueDate": "2023-10-04",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
      "product": "Chromium WebP",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-4863",
      "date": "2026-05-28",
      "epss": "0.93301",
      "percentile": "0.99815"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4863\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-09-12T15:15:24.327\",\"lastModified\":\"2025-10-24T14:07:28.793\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"},{\"lang\":\"es\",\"value\":\"El desbordamiento del b\u00fafer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permit\u00eda a un atacante remoto realizar una escritura en memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: cr\u00edtica)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-09-13\",\"cisaActionDue\":\"2023-10-04\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.187\",\"matchCriteriaId\":\"856C1821-5D22-4A4E-859D-8F5305255AB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"54B8855E-19B9-4D20-9B93-A5219F077335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"117.0.1\",\"matchCriteriaId\":\"FBA8858E-AB6C-4708-820D-3F9D8D5A077F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"115.1.0\",\"versionEndExcluding\":\"115.2.1\",\"matchCriteriaId\":\"6C494574-4187-4BC7-816B-6C1C288D711E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"A073724D-52BD-4426-B58D-7A8BD24B8F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"115.0\",\"versionEndExcluding\":\"115.2.2\",\"matchCriteriaId\":\"952BEC0C-2DB0-476A-AF62-1269F8635B4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.1938.81\",\"matchCriteriaId\":\"0C8F8BD1-1D13-4605-BF19-E4292E2D6A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"1.6.00.26463\",\"matchCriteriaId\":\"11C16818-7453-46CB-89C2-2A4D4452A198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*\",\"versionEndExcluding\":\"1.6.00.26474\",\"matchCriteriaId\":\"46625A28-312D-4406-87AE-8A7C93222A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.62681.0\",\"matchCriteriaId\":\"201D3850-75A4-4CB4-A312-B01BF51C7C8A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"2804DDE4-B0A4-4B7F-A318-F491B6316B34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2\",\"matchCriteriaId\":\"E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.51\",\"matchCriteriaId\":\"A9D1BE06-A20B-43F3-B78D-21F2FF20026C\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1479274\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:10.265Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4863\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-28T05:00:18.341149Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-09-13\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-09-13T00:00:00.000Z\", \"value\": \"CVE-2023-4863 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T14:04:35.481Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"116.0.5845.187\", \"lessThan\": \"116.0.5845.187\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Google\", \"product\": \"libwebp\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.3.2\", \"lessThan\": \"1.3.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\"}, {\"url\": \"https://crbug.com/1479274\"}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\"}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\"}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\"}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\"}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\"}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\"}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\"}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\"}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\"}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\"}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\"}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Heap buffer overflow\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-01-07T11:07:27.027Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4863\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:38.429Z\", \"dateReserved\": \"2023-09-09T01:02:58.312Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-09-12T14:24:59.275Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.