Bug 1215347

Summary:	VUL-0: CVE-2023-4863: zola: Heap buffer overflow in WebP
Product:	[openSUSE] openSUSE Tumbleweed	Reporter:	Carlos López <carlos.lopez>
Component:	Security	Assignee:	Soc Virnyl Estela <uncomfy+openbuildservice>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Critical
Priority:	P3 - Medium	CC:	Andreas.Stieger, gianluca.gabrielli, gmbr3, gnome-bugs, jengelh, m.szczepaniak.000, martin.sirringhaus, meissner, security-team, wolfgang, xiaoguang.wang
Version:	Current
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/377966/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:	1215231
Bug Blocks:

Description Carlos López 2023-09-14 12:42:19 UTC

+++ This bug was initially created as a clone of Bug #1215231 +++

CVE-2023-4863

The Stable and Extended stable channels has been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1479274

References:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431

Comment 1 Carlos López 2023-09-14 12:43:27 UTC

openSUSE:Factory/zola depends on the libwebp-sys crate, which links against a bundled version of libwebp that is vulnerable.