CVE-2023-1999
published 2023-06-20

Priority: P3 36, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.95% (57.0th percentile)
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial, and AddressSanitizer will attempt a double free.

Affected

17 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | libwebp | >= 0.4.2 < 1.3.1 | 1.3.1 |
| chromium | libwebp | >= 0.4.2 < 1.3.0-8-ga486d800 | 1.3.0-8-ga486d800 |
| debian | firefox | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | firefox-esr | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | libwebp | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | thunderbird | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| mozilla | firefox | | |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1~deb11u1 | 1:102.10.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| msrc | microsoft_edge | | |
| webmproject | libwebp | >= 0 < 0.6.1-2.1+deb11u1 | 0.6.1-2.1+deb11u1 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0.4.2 < 1.3.1 | 1.3.1 |

CVSS provenance

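| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_oracle | | 7.5 | MEDIUM | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_msrc | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |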