ALT-PU-2023-5632-3

BDU:2023-05510

HIGH8.8

Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2023-09-13Изменено: 2025-09-05

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ссылки

CVE-2023-4863

CVE-2023-4863

HIGH8.8

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2023-09-12Изменено: 2025-10-24

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

GHSA-94vc-p8w7-5p49

NONE

Bundled libwebp in imagecodecs vulnerable

Опубликовано: 2023-10-05

Ссылки

GHSA-cxjf-x6jp-p7mc

HIGH8.6

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Опубликовано: 2024-08-31

CVSS 3.xВЫСОКАЯ 8.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0ВЫСОКАЯ 8.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Ссылки

GHSA-j7hp-h8jx-5ppr

HIGH8.8

libwebp: OOB write in BuildHuffmanTable

Опубликовано: 2023-09-12Изменено: 2025-07-09

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

GHSA-jh2j-j4j9-crg3

HIGH8.6

opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Опубликовано: 2024-08-31

CVSS 3.xВЫСОКАЯ 8.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0ВЫСОКАЯ 8.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Ссылки

GHSA-qr4w-53vh-m672

HIGH8.6

opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Опубликовано: 2024-08-31Изменено: 2024-08-31

CVSS 3.xВЫСОКАЯ 8.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0ВЫСОКАЯ 8.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Ссылки

GHSA-w2pj-9cgh-mq2c

HIGH8.6

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Опубликовано: 2024-08-31

CVSS 3.xВЫСОКАЯ 8.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0ВЫСОКАЯ 8.6

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Ссылки

GHSA-wqcr-xm43-hpqr

HIGH8.8

Vulnerable version of libwebp and can be exploited with a malicious source image

Опубликовано: 2023-10-06

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

Обновление пакета libwebp в ветке sisyphus

Закрытые проблемы (9)

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Bundled libwebp in imagecodecs vulnerable

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

libwebp: OOB write in BuildHuffmanTable

opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Vulnerable version of libwebp and can be exploited with a malicious source image