Headline
RHSA-2023:5189: Red Hat Security Advisory: libwebp security update
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process “WebP” image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Synopsis
Important: libwebp security update
Type/Severity
Security Advisory: Important
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
- libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
x86_64
libwebp-1.0.0-7.el8_6.1.i686.rpm
libwebp-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_6.1.i686.rpm
libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
x86_64
libwebp-1.0.0-7.el8_6.1.i686.rpm
libwebp-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_6.1.i686.rpm
libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
s390x
libwebp-1.0.0-7.el8_6.1.s390x.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.s390x.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.s390x.rpm
libwebp-devel-1.0.0-7.el8_6.1.s390x.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.s390x.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
ppc64le
libwebp-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-devel-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
x86_64
libwebp-1.0.0-7.el8_6.1.i686.rpm
libwebp-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_6.1.i686.rpm
libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
aarch64
libwebp-1.0.0-7.el8_6.1.aarch64.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.aarch64.rpm
libwebp-devel-1.0.0-7.el8_6.1.aarch64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
ppc64le
libwebp-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-devel-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
libwebp-1.0.0-7.el8_6.1.src.rpm
x86_64
libwebp-1.0.0-7.el8_6.1.i686.rpm
libwebp-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_6.1.i686.rpm
libwebp-devel-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_6.1.x86_64.rpm