CVE-2023-4863

CVSS 8.8 HIGH · EPSS 99.7% · KEV · CWE-787
In short

A flaw in the libwebp image library allowed attackers to crash your browser or potentially run malicious code by sending you a specially crafted webpage containing a problematic image. This happens because the library doesn't properly check memory boundaries when processing certain image data.

Technical detail

Heap buffer overflow in libwebp's image processing pipeline permits an unauthenticated remote attacker to write beyond allocated memory bounds via crafted WebP image content embedded in HTML. Exploitation requires only user interaction (visiting a malicious webpage); successful exploitation can lead to arbitrary code execution with browser privileges.

Summary generated and translated by AI from the official description.

Official description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H