vulnerability
Amazon Linux 2023: CVE-2023-4863: Important priority package update for libwebp
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Sep 11, 2023 | Feb 17, 2025 | Dec 4, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 11, 2023
Added
Feb 17, 2025
Modified
Dec 4, 2025
Description
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Solutions
amazon-linux-2023-upgrade-libwebpamazon-linux-2023-upgrade-libwebp-debuginfoamazon-linux-2023-upgrade-libwebp-debugsourceamazon-linux-2023-upgrade-libwebp-develamazon-linux-2023-upgrade-libwebp-javaamazon-linux-2023-upgrade-libwebp-java-debuginfoamazon-linux-2023-upgrade-libwebp-toolsamazon-linux-2023-upgrade-libwebp-tools-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.