Backup of CVE-2023-4863(No. 2) - YoyaWiki Plus!

その他の巡回

ニコニコ動画

Google乗り換え

Googleニュース

pukiwiki-official

Wikiの書き方(整形ルール)

プラグインヘルプ

各種ドキュメント

Backup list
View the diff.
View the diff current.
View the diff for visual.
View the source.
Go to CVE-2023-4863.
- 1 (2023-10-17 (Tue) 15:02:30)
- 2 (2024-03-05 (Tue) 23:12:33)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

ImageMagick

Is ImageMagick vulnarable to CVE-2023-4863? (libwebp heap overflow leading to RCE) #6746
- https://github.com/ImageMagick/ImageMagick/discussions/6746

I suspect that our code can hit that same path when someone builds ImageMagick with a version of libwebp that includes that vulnerability.