Seal Security

CVE-2023-4863

libwebp: OOB write in BuildHuffmanTable

Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

8.7

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Versions

libwebp-sys2 < 0.1.8; libwebp-sys < 0.9.3; electron >= 22.0.0 < 22.3.24; electron >= 24.0.0 < 24.8.3; electron >= 25.0.0 < 25.8.1; electron >= 26.0.0 < 26.2.1; electron >= 27.0.0-beta.1 < 27.0.0-beta.2; SkiaSharp >= 2.0.0 < 2.88.6; github.com/chai2010/webp >= 1.1.2 < 1.4.0; pillow < 10.0.1; webp < 0.2.6; magick.net-q16-anycpu < 13.3.0; magick.net-q16-hdri-anycpu < 13.3.0; magick.net-q16-x64 < 13.3.0; magick.net-q8-anycpu < 13.3.0; magick.net-q8-openmp-x64 < 13.3.0; magick.net-q8-x64 < 13.3.0; github.com/chai2010/webp < 0.0.0-20250406010349-76805d5a8860; github.com/chai2010/webp >= 0.0.0 < 1.1.2-0.20250406010349-76805d5a8860

Severity

High

Ecosystem

JavaScript

Publish Date

September 12, 2023

Modified Date

July 9, 2025