CVE-2023-4863

- https://nvd.nist.gov/vuln/detail/CVE-2023-4863

>
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

- https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

* PoC

- https://github.com/mistymntncop/CVE-2023-4863

* ImageMagick

- Is ImageMagick vulnerable to CVE-2023-4863? (libwebp heap overflow leading to RCE) #6746
-- https://github.com/ImageMagick/ImageMagick/discussions/6746

>
I suspect that our code can hit that same path when someone builds ImageMagick with a version of libwebp that includes that vulnerability.
