Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HBandisoft Honeyview
APPBandisoft< 5.51Bentley Seequent Leapfrog
APPBentley< 2023.2Debian
OSDebian10.011.012.0Fedora Project Fedora
OSFedoraproject373839Google Chrome
APPGoogle< 116.0.5845.187Microsoft Edge
APPMicrosoft< 116.0.1938.81Microsoft Teams
APPMicrosoft< 1.6.00.26463< 1.6.00.26474Microsoft Webp Image Extension
APPMicrosoft< 1.0.62681.0Mozilla Firefox
APPMozilla< 102.15.1< 117.0.1115.1.0 – 115.2.1 (bez)Mozilla Thunderbird
APPMozilla115.0 – 115.2.2 (bez)< 102.15.1Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeWebmproject Libwebp
APPWebmproject< 1.3.2
CISA KEV — detailsi
- Vendori
- Google ↗
- Producti
- Chromium WebP
- Added to KEVi
- September 13, 2023
- Remediation deadline (US Federal)i
- October 4, 2023(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)