8.8
CVE-2023-5217
- EPSS 1.8%
- Veröffentlicht 28.09.2023 16:15:10
- Zuletzt bearbeitet 03.04.2025 18:55:36
- Quelle chrome-cve-admin@google.com
- Teams Watchlist Login
- Unerledigt Login
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webmproject ≫ Libvpx Version < 1.13.1
Microsoft ≫ Edge Chromium Version116.0.5845.229
Microsoft ≫ Edge Chromium Version117.0.5938.132
Mozilla ≫ Thunderbird Version < 115.3.1
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Debian ≫ Debian Linux Version12.0
Redhat ≫ Enterprise Linux Version9.0
02.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Google Chromium libvpx Heap Buffer Overflow Vulnerability
SchwachstelleGoogle Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.8% | 0.822 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.