CVE-2023-4863: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2023-10-04

Exploited in the wild

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Affected

67 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	guacamole	—	—
bandisoft	honeyview	< 5.51	5.51
bentley	seequent_leapfrog	< 2023.2	2023.2
chromium	chromium	>= 0 < 117.0.5938.62-1	117.0.5938.62-1
chromium	chromium	>= 0 < 117.0.5938.62-1	117.0.5938.62-1
chromium	chromium	>= 0 < 117.0.5938.62-1	117.0.5938.62-1
chromium	chromium	>= 0 < 117.0.5938.62-1	117.0.5938.62-1
code16	sharp	>= 0 < 0.32.6	0.32.6
debian	chromium	< chromium 117.0.5938.62-1 (bookworm)	chromium 117.0.5938.62-1 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox	< chromium 117.0.5938.62-1 (bookworm)	chromium 117.0.5938.62-1 (bookworm)
debian	firefox-esr	< chromium 117.0.5938.62-1 (bookworm)	chromium 117.0.5938.62-1 (bookworm)
debian	libwebp	< chromium 117.0.5938.62-1 (bookworm)	chromium 117.0.5938.62-1 (bookworm)
debian	thunderbird	< chromium 117.0.5938.62-1 (bookworm)	chromium 117.0.5938.62-1 (bookworm)
electron	electron	>= 22.0.0 < 22.3.24	22.3.24
electron	electron	>= 24.0.0 < 24.8.3	24.8.3
electron	electron	>= 25.0.0 < 25.8.1	25.8.1
electron	electron	>= 26.0.0 < 26.2.1	26.2.1
electron	electron	>= 27.0.0-beta.1 < 27.0.0-beta.2	27.0.0-beta.2
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
github.com	chai2010_webp	>= 0 < 0.0.0-20250406010349-76805d5a8860	0.0.0-20250406010349-76805d5a8860

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ghsa8.8HIGH

osv8.8HIGH

vulncheck8.8HIGH

cisa8.8HIGH