0day CVE-2023-5129 with a severity index of 10

A critical vulnerability in WebP (a heap buffer overflow in the libwebp library) was originally listed as CVE-2023-4863 and registered specifically for Google Chrome.


So we just learned that Google has issued a separate CVE, which is tracked as CVE-2023-5129. The severity score for this particular 0day is 10, meaning it has the highest rating.

What does this mean? This is not a new bug in libwebp. It is the same bug described in CVE-2023-4863, but it is now more correctly reported as a bug in WebP rather than as a “bug in ".

Versions affected by this bug are 0.5.0 to 1.3.2. The type of software affected is almost any software that directly uses the WebP Codec to render images.

In the last weeks alone, apart from the major browsers (most of which have been fixed by now), I've seen fixes from Red Hat and in software such as Puppeteer and the .NET library for ImageMagick.

Ben Hawkes (former director of Project Zero) wrote about it on 0day:

The bad news is that Android is still likely to be affected. As with Apple's ImageIO, Android has a feature called BitmapFactory that handles the de and of course it is supported by libwebp. To date, Android has not released an update that fixes CVE-2023-4863. To put this into context: if this bug affects Android, then exploits could potentially be released for remote attacks on apps like and WhatsApp. I would expect it to be fixed with the October updates.

Ben's article also has a Proof of example along with other interesting ones.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
