2023: Security Advisory: libwebp Heap buffer overflow


A critical vulnerability has been found in the libwebp library for processing graphics in WebP format, which allows information to be written to memory using buffer overflow.

Advisory release date

Sep 12, 2023


  • uniFLOW Online

  • uniFLOW Server

  • sysHub

  • Internal Customer Hosted Services




CVSS Baser score 8.8 HIGH


Summary of Vulnerability

Heap buffer overflow in libwebp library in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.


NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s. We are not using this library in any of our products or web services.