Skip to main content

Out-of-bounds Write in atom-shell

CVE-2023-4863

  • atom-shell
  • bep/gowebp
  • CefSharp.Common
  • CefSharp.Common.NETCore
  • chai2010/webp
  • chromiumembeddedframework.runtime
  • com.facebook.fresco:animated-webp
  • cwebp
  • cwebp-bin
  • electron
  • electron-nightly
  • electron-prebuilt
  • github.com/AliFlux/webp
  • github.com/arisudesu-forks/webp
  • github.com/bep/go-webp
  • github.com/bep/gowebp
  • github.com/chai2010/WEBP
  • github.com/coldnight/webp
  • github.com/flashguru-git/webp
  • github.com/furiousassault/webp
  • github.com/glados28/webp
  • github.com/hu1314460/webp
  • github.com/itzngga/webp
  • github.com/jjkoh95/webp
  • github.com/kulwindermatharu/webp
  • github.com/liuchao915/webp
  • github.com/lxy1226/webp
  • github.com/mxwxz/webp
  • github.com/pablolagos/webp
  • github.com/qcdong2016/webp
  • github.com/rohanrathi/webp
  • github.com/rv-lsenna/webp
  • github.com/townsin/webp
  • github.com/webp-sh/webp
  • gulp-webp
  • Imazen.WebP
  • libvips
  • libwebp
  • libwebp:demux:libwebp:demux
  • libwebp:libwebp
  • libwebp:mux:libwebp:mux
  • libwebp:sharpyuv:libwebp:sharpyuv
  • libwebp:webp:libwebp:webp
  • opencv-contrib-python
  • opencv-contrib-python-headless
  • opencv-python
  • opencv-python-headless
  • org.webjars.npm:electron
  • org.webjars.npm:electron-prebuilt
  • org.webjars.npm:sharp
  • SDWebImage:libwebp-Xcode
  • sharp
  • SkiaSharp
  • webp-converter
High
8.8/10

Summary

A Heap-Based Buffer Overflow vulnerability in "libwebp" in versions prior to 1.3.2 allows an attacker to perform an out-of-bounds memory write. The vulnerability could be exploited by a remote attacker via a crafted HTML page, potentially leading to unauthorized code execution or a denial of service condition. To exploit the vulnerability, the user must be able to manipulate the value in "color_cache_bits". This package is used by various applications that are also affected if a vulnerable version of "libwebp" is in use, including Google Chrome in versions prior to 116.0.5845.187.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.

References

Advisory Timeline

  • Published