nvd-json-data-feeds/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json

{
  "id": "CVE-2023-4863",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2023-09-12T15:15:24.327",
  "lastModified": "2023-09-18T14:15:07.877",
  "vulnStatus": "Undergoing Analysis",
  "cisaExploitAdd": "2023-09-13",
  "cisaActionDue": "2023-10-04",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability",
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
    },
    {
      "lang": "es",
      "value": "El desbordamiento del b\u00fafer en WebP en Google Chrome anterior a la versi\u00f3n 116.0.5845.187 permit\u00eda a un atacante remoto realizar una escritura en memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML elaborada. (Severidad de seguridad de Chromium: Cr\u00edtica)"
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://crbug.com/1479274",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://en.bandisoft.com/honeyview/history/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://news.ycombinator.com/item?id=37478403",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://security.gentoo.org/glsa/202309-05",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5496",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5497",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5498",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/",
      "source": "chrome-cve-admin@google.com"
    }
  ]
}