/
2023: Security Advisory: libwebp Heap buffer overflow

2023: Security Advisory: libwebp Heap buffer overflow

Owned by Jason Apel, created
Nov 15, 2023
1 min read

Summary

A critical vulnerability has been found in the libwebp library for processing graphics in WebP format, which allows information to be written to memory using buffer overflow.

Advisory release date

Sep 12, 2023

Product

  • uniFLOW Online

  • uniFLOW Server

  • sysHub

  • Internal Customer Hosted Services

CVE

CVE-2023-4863

Severity

CVSS Baser score 8.8 HIGH

 

Summary of Vulnerability

Heap buffer overflow in libwebp library in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Impact

NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s. We are not using this library in any of our products or web services.

 

 

Related content

2022: Security Advisory: Vulnerability in Apache library.
2022: Security Advisory: Vulnerability in Apache library.
NT-ware Support
More like this
2024: Security Advisory: Multiple MiCard PLUS card reader dropped characters.
2024: Security Advisory: Multiple MiCard PLUS card reader dropped characters.
NT-ware Support
Read with this
2023: Security Advisory: CURL/LibCURL Vulnerabilities
2023: Security Advisory: CURL/LibCURL Vulnerabilities
NT-ware Support
More like this
NT-ware Security Advisories, Products and Services
NT-ware Security Advisories, Products and Services
NT-ware Support
Read with this
2022: Security Advisory: Spring4Shell Java Spring Framework
2022: Security Advisory: Spring4Shell Java Spring Framework
NT-ware Support
More like this
NT-ware and Online Services DNS / IP addresses
NT-ware and Online Services DNS / IP addresses
NT-ware Support
Read with this