Headline
RHSA-2023:5309: Red Hat Security Advisory: libwebp security update
An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash, or remotely execute arbitrary code in, an application such as a web browser compiled with this library.
Synopsis
Important: libwebp security update
Type/Severity
Security Advisory: Important
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
- libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec
Red Hat Enterprise Linux for x86_64 8
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
Red Hat Enterprise Linux Server - TUS 8.8
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM
libwebp-1.0.0-8.el8_8.1.src.rpm
x86_64
libwebp-1.0.0-8.el8_8.1.i686.rpm
libwebp-1.0.0-8.el8_8.1.x86_64.rpm
libwebp-debuginfo-1.0.0-8.el8_8.1.i686.rpm
libwebp-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm
libwebp-debugsource-1.0.0-8.el8_8.1.i686.rpm
libwebp-debugsource-1.0.0-8.el8_8.1.x86_64.rpm
libwebp-devel-1.0.0-8.el8_8.1.i686.rpm
libwebp-devel-1.0.0-8.el8_8.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-8.el8_8.1.i686.rpm
libwebp-java-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
SRPM
libwebp-1.0.0-8.el8_8.1.src.rpm
s390x
libwebp-1.0.0-8.el8_8.1.s390x.rpm
libwebp-debuginfo-1.0.0-8.el8_8.1.s390x.rpm
libwebp-debugsource-1.0.0-8.el8_8.1.s390x.rpm
libwebp-devel-1.0.0-8.el8_8.1.s390x.rpm
libwebp-java-debuginfo-1.0.0-8.el8_8.1.s390x.rpm
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
SRPM
libwebp-1.0.0-8.el8_8.1.src.rpm
ppc64le
libwebp-1.0.0-8.el8_8.1.ppc64le.rpm
libwebp-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm
libwebp-debugsource-1.0.0-8.el8_8.1.ppc64le.rpm
libwebp-devel-1.0.0-8.el8_8.1.ppc64le.rpm
libwebp-java-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
SRPM
libwebp-1.0.0-8.el8_8.1.src.rpm
aarch64
libwebp-1.0.0-8.el8_8.1.aarch64.rpm
libwebp-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm
libwebp-debugsource-1.0.0-8.el8_8.1.aarch64.rpm
libwebp-devel-1.0.0-8.el8_8.1.aarch64.rpm
libwebp-java-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm