CVE-2023-5217
published 2023-09-28

High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2023-10-23
ITW: Exploited in the wild
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected

56 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7.1_and_ipados | | |
| apple | ios_17.0.3_and_ipados | | |
| apple | ipados | | |
| apple | ipados | >= 17.0 < 17.0.3 | 17.0.3 |
| apple | iphone_os | | |
| apple | iphone_os | >= 17.0 < 17.0.3 | 17.0.3 |
| chromium | chromium | >= 0 < 117.0.5938.132-1~deb11u1 | 117.0.5938.132-1~deb11u1 |
| chromium | chromium | >= 0 < 117.0.5938.132-1~deb12u1 | 117.0.5938.132-1~deb12u1 |
| chromium | chromium | >= 0 < 117.0.5938.132-1 | 117.0.5938.132-1 |
| chromium | chromium | >= 0 < 117.0.5938.132-1 | 117.0.5938.132-1 |
| debian | chromium | < chromium 117.0.5938.132-1~deb12u1 (bookworm) | chromium 117.0.5938.132-1~deb12u1 (bookworm) |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | firefox | < chromium 117.0.5938.132-1~deb12u1 (bookworm) | chromium 117.0.5938.132-1~deb12u1 (bookworm) |
| debian | firefox-esr | < chromium 117.0.5938.132-1~deb12u1 (bookworm) | chromium 117.0.5938.132-1~deb12u1 (bookworm) |
| debian | libvpx | < chromium 117.0.5938.132-1~deb12u1 (bookworm) | chromium 117.0.5938.132-1~deb12u1 (bookworm) |
| debian | thunderbird | < chromium 117.0.5938.132-1~deb12u1 (bookworm) | chromium 117.0.5938.132-1~deb12u1 (bookworm) |
| electron | electron | >= 0 < 22.3.25 | 22.3.25 |
| electron | electron | >= 24.0.0 < 24.8.5 | 24.8.5 |
| electron | electron | >= 25.0.0 < 25.8.4 | 25.8.4 |
| electron | electron | >= 26.0.0 < 26.2.4 | 26.2.4 |
| electron | electron | >= 27.0.0-alpha.1 < 27.0.0-beta.8 | 27.0.0-beta.8 |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |

CVSS provenance

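| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| ghsa | | 8.8 | HIGH | |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |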