2023: Security Advisory: libwebp Heap buffer overflow

Summary

A critical vulnerability has been found in the libwebp library for processing graphics in WebP format, which allows information to be written to memory using buffer overflow.

Advisory release date

Sep 12, 2023

Product

  • uniFLOW Online

  • uniFLOW Server

  • sysHub

  • Internal Customer Hosted Services

CVE

CVE-2023-4863

Severity

CVSS Baser score 8.8 HIGH

 

Summary of Vulnerability

Heap buffer overflow in libwebp library in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Impact

NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s. We are not using this library in any of our products or web services.

 

Â