CVE-2023-1999
published 2023-06-20CVE-2023-1999: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best…
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.95%
57.0th percentile
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | libwebp | >= 0.4.2 < 1.3.1 | 1.3.1 |
| chromium | libwebp | >= 0.4.2 < 1.3.0-8-ga486d800 | 1.3.0-8-ga486d800 |
| debian | firefox | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | firefox-esr | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | libwebp | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| debian | thunderbird | < firefox 112.0-1 (sid) | firefox 112.0-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1~deb11u1 | 1:102.10.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:102.10.0-1 | 1:102.10.0-1 |
| msrc | microsoft_edge | — | — |
| webmproject | libwebp | >= 0 < 0.6.1-2.1+deb11u1 | 0.6.1-2.1+deb11u1 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0 < 1.2.4-0.2 | 1.2.4-0.2 |
| webmproject | libwebp | >= 0.4.2 < 1.3.1 | 1.3.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_oracle7.5MEDIUM
vendor_debian5.3MEDIUM
vendor_msrc5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Chromium: CVE-2023-1999 Use after free in libwebp
vendor_msrc·2023-09-12·CVSS 5.3
CVE-2023-1999 [MEDIUM] Chromium: CVE-2023-1999 Use after free in libwebp
Chromium: CVE-2023-1999 Use after free in libwebp
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: Wha
Ubuntu
libwebp vulnerability
vendor_ubuntu·2023-07-18
CVE-2023-1999 libwebp vulnerability
Title: libwebp vulnerability
Summary: libwebp could be made to crash or run programs as your login if it opened a
specially crafted file.
USN-6078-1 fixed a vulnerability in libwebp. This update
provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Irvan Kurniawan discovered that libwebp incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted image file, a remote attacker could use this issue to
cause libwebp to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Oracle
Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager (Libwebp) — CVE-2023-1999
vendor_oracle·2023-07-15·CVSS 7.5
CVE-2023-1999 [MEDIUM] Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager (Libwebp) — CVE-2023-1999
Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager (Libwebp) vulnerability
CVE: CVE-2023-1999
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Ubuntu
libwebp vulnerability
vendor_ubuntu·2023-05-16
CVE-2023-1999 libwebp vulnerability
Title: libwebp vulnerability
Summary: libwebp could be made to crash or run programs as your login if it opened a
specially crafted file.
Irvan Kurniawan discovered that libwebp incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted image file, a remote attacker could use this issue to
cause libwebp to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Mozilla: libwebp: Double-free in libwebp
vendor_redhat·2023-04-11·CVSS 5.3
CVE-2023-1999 [MEDIUM] CWE-415 Mozilla: libwebp: Double-free in libwebp
Mozilla: libwebp: Double-free in libwebp
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
The Mozilla Foundation Security Advisory describes this flaw as:
A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise
Debian
CVE-2023-1999: firefox - There exists a use after free/double free in libwebp. An attacker can use the Ap...
vendor_debian·2023·CVSS 5.3
CVE-2023-1999 [MEDIUM] CVE-2023-1999: firefox - There exists a use after free/double free in libwebp. An attacker can use the Ap...
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
Scope: local
sid: resolved (fixed in 112.0-1)
Mozilla
Mozilla Foundation Security Advisory 2023-13: CVE-2023-1999
vendor_mozilla·CVSS 5.3
CVE-2023-1999 [MEDIUM] Mozilla Foundation Security Advisory 2023-13: CVE-2023-1999
Mozilla Foundation Security Advisory 2023-13
CVE: CVE-2023-1999
Product: Firefox, Firefox for Android, Focus for Android
Impact: high
Fixed in: Firefox 112
Firefox for Android 112
Focus for Android 112
Mozilla
Mozilla Foundation Security Advisory 2023-15: CVE-2023-1999
vendor_mozilla·CVSS 5.3
CVE-2023-1999 [MEDIUM] Mozilla Foundation Security Advisory 2023-15: CVE-2023-1999
Mozilla Foundation Security Advisory 2023-15
CVE: CVE-2023-1999
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 102.10
Mozilla
Mozilla Foundation Security Advisory 2023-14: CVE-2023-1999
vendor_mozilla·CVSS 5.3
CVE-2023-1999 [MEDIUM] Mozilla Foundation Security Advisory 2023-14: CVE-2023-1999
Mozilla Foundation Security Advisory 2023-14
CVE: CVE-2023-1999
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 102.10
GHSA
GHSA-8x9p-cw2c-6253: There exists a use after free/double free in libwebp
ghsa_unreviewed·2023-06-20
CVE-2023-1999 [HIGH] CWE-415 GHSA-8x9p-cw2c-6253: There exists a use after free/double free in libwebp
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
OSV
CVE-2023-1999: There exists a use after free/double free in libwebp
osv·2023-06-20·CVSS 7.5
CVE-2023-1999 [HIGH] CVE-2023-1999: There exists a use after free/double free in libwebp
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
No detection rules found.
No writeups or analysis indexed.
2023-06-20
Published