Bugzilla – Bug 1215347
VUL-0: CVE-2023-4863: zola: Heap buffer overflow in WebP
Last modified: 2023-09-14 13:15:01 UTC
+++ This bug was initially created as a clone of Bug #1215231 +++

CVE-2023-4863

The Stable and Extended stable channels have been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School on 2023-09-06

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1479274

References:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431
openSUSE:Factory/zola depends on the libwebp-sys crate, which links against a bundled version of libwebp that is vulnerable.
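Because a `-sys` crate links C code into the final Rust binary, the triage step for a bug like this is finding every dependency chain that pulls the crate in (what `cargo tree -i libwebp-sys` reports). The script below is an added example, not zola's or the packaging project's own code; it walks a constructed Cargo.lock fragment in which the intermediate crate name and all version numbers are invented for illustration.

```python
"""Find which crates in a Cargo.lock reach a given -sys crate by walking
reverse dependencies. Added example; not part of the zola project."""
import re

# Constructed Cargo.lock fragment: "image-helper" and every version
# string are invented placeholders, only "zola" and "libwebp-sys" are real.
SAMPLE_LOCK = """
[[package]]
name = "zola"
version = "0.0.0"
dependencies = [
 "image-helper",
]

[[package]]
name = "image-helper"
version = "0.0.0"
dependencies = [
 "libwebp-sys",
]

[[package]]
name = "libwebp-sys"
version = "0.0.0"
"""

_PKG_RE = re.compile(r'\[\[package\]\]\s*(.*?)(?=\n\[\[package\]\]|\Z)', re.S)

def parse_lock(text):
    """Return {name: {"version": str, "deps": [dep names]}} from lock text."""
    pkgs = {}
    for block in _PKG_RE.findall(text):
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps_m = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        deps = []
        if deps_m:
            # entries read "name" or "name 1.2.3" when several versions coexist
            deps = [d.strip().strip('"').split()[0]
                    for d in deps_m.group(1).split(',') if d.strip()]
        pkgs[name] = {"version": version, "deps": deps}
    return pkgs

def paths_to(pkgs, target):
    """All chains root -> ... -> target; roots are crates nothing depends on."""
    depended = {d for p in pkgs.values() for d in p["deps"]}
    found = []
    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for d in pkgs.get(node, {"deps": []})["deps"]:
            if d not in path:  # guard against dependency cycles
                walk(d, path + [d])
    for root in (n for n in pkgs if n not in depended):
        walk(root, [root])
    return found
```

Running `paths_to(parse_lock(open("Cargo.lock").read()), "libwebp-sys")` on a real lock file lists each crate chain that has to be rebuilt once a fixed `libwebp-sys` is available.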