Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
History
03 Apr 2025, 18:55
Type | Values Removed | Values Added |
---|---|---|
First Time | | Apple ipados |
CPE | cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:* | cpe:2.3:o:apple:ipados:16.7:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
20 Dec 2024, 19:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |
First Time | | Redhat, Redhat enterprise Linux |
References | () https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html - Vendor Advisory | |
References | () https://crbug.com/1486441 - Exploit, Issue Tracking | |
References | () https://security-tracker.debian.org/tracker/CVE-2023-5217 - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5508 - Mailing List | |
References | () https://www.debian.org/security/2023/dsa-5509 - Mailing List | |
References | () https://www.debian.org/security/2023/dsa-5510 - Mailing List |
Information
Published : 2023-09-28 16:15
Updated : 2025-04-03 18:55
NVD link : CVE-2023-5217
Mitre link : CVE-2023-5217
CVE.ORG link : CVE-2023-5217
Products Affected
mozilla
- thunderbird
- firefox
microsoft
- edge
- edge_chromium
webmproject
- libvpx
fedoraproject
- fedora
redhat
- enterprise_linux
debian
- debian_linux
apple
- ipados
- iphone_os
google
- chrome
CWE
CWE-787
Out-of-bounds Write