CVE-2023-4863

Vulnerability updated a month ago (2024-11-29T14:47:02.550Z)
Download STIX
Preview STIX
CVE-2023-4863 is a critical vulnerability that has been identified in various major software applications, including Microsoft Windows and Server, Microsoft Edge, Microsoft Office, Word and 365 Apps, Google Chrome, Mozilla Firefox and Thunderbird, and the libwebp library used for handling WebP bitmap images. The flaw, a heap buffer overflow, was first reported to be exploited in the wild in September and has since been patched by multiple vendors. Initially thought to be specific to Google Chrome, it was later revealed that the vulnerability was present in the libwebp image processing library, affecting a broader range of applications. Google played a significant role in addressing CVE-2023-4863, patching the vulnerability twice in October, once in Chrome and once in the open-source library libwebp, which also impacted Android device models through the Arm Mali GPU driver. Google's patches followed the version numbers "116.0.5845.187 for Mac and Linux" and "116.0.5845.187/.188 for Windows". Meanwhile, Mozilla released a patch for Firefox and Thunderbird, further mitigating the risk posed by this critical flaw. Microsoft also responded promptly to the threat, releasing advisories and patches for its affected products, including Windows, Server, Edge, Office, Word, and 365 Apps. Notably, the company addressed not only CVE-2023-4863 but also other vulnerabilities such as CVE-2023-36761 and CVE-2023-36802 that were being actively exploited. In the wake of these developments, experts have stressed the importance of timely patching and have called attention to the ongoing potential for vulnerabilities in widely-used libraries like libwebp.
Description last updated: 2024-05-04T16:21:09.904Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Google
Chrome
Chromium
Zero Day
Microsoft
Exploit
Firefox
Mozilla
Apple
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the CVE-2023-4863 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
7 months ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securelist
a year ago
Securityaffairs
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CrowdStrike
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago