RHSA-2023:5189: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process “WebP” image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash an application compiled with this library, such as a web browser, or to remotely execute arbitrary code in it.
Red Hat Security Data

Synopsis

Important: libwebp security update

Type/Severity

Security Advisory: Important

Topic

An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

  • libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

x86_64

libwebp-1.0.0-7.el8_6.1.i686.rpm

libwebp-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-devel-1.0.0-7.el8_6.1.i686.rpm

libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

x86_64

libwebp-1.0.0-7.el8_6.1.i686.rpm

libwebp-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-devel-1.0.0-7.el8_6.1.i686.rpm

libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

s390x

libwebp-1.0.0-7.el8_6.1.s390x.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.s390x.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.s390x.rpm

libwebp-devel-1.0.0-7.el8_6.1.s390x.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.s390x.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

ppc64le

libwebp-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-devel-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

x86_64

libwebp-1.0.0-7.el8_6.1.i686.rpm

libwebp-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-devel-1.0.0-7.el8_6.1.i686.rpm

libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

aarch64

libwebp-1.0.0-7.el8_6.1.aarch64.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.aarch64.rpm

libwebp-devel-1.0.0-7.el8_6.1.aarch64.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

ppc64le

libwebp-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-devel-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

libwebp-1.0.0-7.el8_6.1.src.rpm

x86_64

libwebp-1.0.0-7.el8_6.1.i686.rpm

libwebp-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm

libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-devel-1.0.0-7.el8_6.1.i686.rpm

libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm

libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
