Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
PoC
ImageMagick
- Is ImageMagick vulnarable to CVE-2023-4863? (libwebp heap overflow leading to RCE) #6746
I suspect that our code can hit that same path when someone builds ImageMagick with a version of libwebp that includes that vulnerability.