cve/2023/CVE-2023-4863.md

### [CVE-2023-4863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863)
![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=libwebp&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.3.2%3C%201.3.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=116.0.5845.187%3C%20116.0.5845.187%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer%20overflow&color=brighgreen)

### Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

### POC

#### Reference
- https://blog.isosceles.com/the-webp-0day/
- https://bugzilla.suse.com/show_bug.cgi?id=1215231
- https://news.ycombinator.com/item?id=37478403
- https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/Blaukovitch/GOOGLE_CHROME_Windows_7_CRACK
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CrackerCat/CVE-2023-4863-
- https://github.com/DanGough/PoshCVE
- https://github.com/DarkNavySecurity/PoC
- https://github.com/GTGalaxi/ElectronVulnerableVersion
- https://github.com/GhostTroops/TOP
- https://github.com/Keeper-Security/gitbook-release-notes
- https://github.com/LiveOverflow/webp-CVE-2023-4863
- https://github.com/Microsvuln/CVE-2023-4863
- https://github.com/Moonshieldgru/Moonshieldgru
- https://github.com/OITApps/Find-VulnerableElectronVersion
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Songg45/CVE-2023-4683-Test
- https://github.com/Threekiii/CVE
- https://github.com/Tougee/GlideWebpDecoder
- https://github.com/ZonghaoLi777/githubTrending
- https://github.com/alsaeroth/CVE-2023-4863-POC
- https://github.com/aneasystone/github-trending
- https://github.com/bbaranoff/CVE-2023-4863
- https://github.com/blusewill/plurk-rss-example
- https://github.com/bollwarm/SecToolSet
- https://github.com/caoweiquan322/NotEnough
- https://github.com/cgohlke/win_arm64-wheels
- https://github.com/hktalent/TOP
- https://github.com/houjingyi233/awesome-fuzz
- https://github.com/huiwen-yayaya/CVE-2023-4863
- https://github.com/jiegec/awesome-stars
- https://github.com/johe123qwe/github-trending
- https://github.com/mistymntncop/CVE-2023-4863
- https://github.com/mmomtchev/magickwand.js
- https://github.com/msuiche/elegant-bouncer
- https://github.com/murphysecurity/libwebp-checker
- https://github.com/naugtur/naughty-images
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863
- https://github.com/tanjiti/sec_profile
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-4863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863)`
			`![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=libwebp&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=1.3.2%3C%201.3.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=116.0.5845.187%3C%20116.0.5845.187%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer%20overflow&color=brighgreen)`

			`### Description`

			`Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)`

			`### POC`

			`#### Reference`
			`- https://blog.isosceles.com/the-webp-0day/`
			`- https://bugzilla.suse.com/show_bug.cgi?id=1215231`
			`- https://news.ycombinator.com/item?id=37478403`
			`- https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/`

			`#### Github`
Update CVE sources 2024-06-10 18:01 2024-06-10 18:01:06 +00:00			`- https://github.com/0xMarcio/cve`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Blaukovitch/GOOGLE_CHROME_Windows_7_CRACK`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/CrackerCat/CVE-2023-4863-`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/DanGough/PoshCVE`
			`- https://github.com/DarkNavySecurity/PoC`
			`- https://github.com/GTGalaxi/ElectronVulnerableVersion`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/Keeper-Security/gitbook-release-notes`
			`- https://github.com/LiveOverflow/webp-CVE-2023-4863`
			`- https://github.com/Microsvuln/CVE-2023-4863`
			`- https://github.com/Moonshieldgru/Moonshieldgru`
			`- https://github.com/OITApps/Find-VulnerableElectronVersion`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/Songg45/CVE-2023-4683-Test`
			`- https://github.com/Threekiii/CVE`
			`- https://github.com/Tougee/GlideWebpDecoder`
			`- https://github.com/ZonghaoLi777/githubTrending`
			`- https://github.com/alsaeroth/CVE-2023-4863-POC`
			`- https://github.com/aneasystone/github-trending`
			`- https://github.com/bbaranoff/CVE-2023-4863`
			`- https://github.com/blusewill/plurk-rss-example`
			`- https://github.com/bollwarm/SecToolSet`
			`- https://github.com/caoweiquan322/NotEnough`
			`- https://github.com/cgohlke/win_arm64-wheels`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/houjingyi233/awesome-fuzz`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/huiwen-yayaya/CVE-2023-4863`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/jiegec/awesome-stars`
			`- https://github.com/johe123qwe/github-trending`
			`- https://github.com/mistymntncop/CVE-2023-4863`
			`- https://github.com/mmomtchev/magickwand.js`
			`- https://github.com/msuiche/elegant-bouncer`
			`- https://github.com/murphysecurity/libwebp-checker`
			`- https://github.com/naugtur/naughty-images`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863`
			`- https://github.com/tanjiti/sec_profile`