.avif)
View all vulnerabilities
CVE-2023-4863
libwebp: OOB write in BuildHuffmanTable
Description
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
8.7
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Versions
libwebp-sys2 < 0.1.8; libwebp-sys < 0.9.3; electron >= 22.0.0 < 22.3.24; electron >= 24.0.0 < 24.8.3; electron >= 25.0.0 < 25.8.1; electron >= 26.0.0 < 26.2.1; electron >= 27.0.0-beta.1 < 27.0.0-beta.2; SkiaSharp >= 2.0.0 < 2.88.6; github.com/chai2010/webp >= 1.1.2 < 1.4.0; pillow < 10.0.1; webp < 0.2.6; magick.net-q16-anycpu < 13.3.0; magick.net-q16-hdri-anycpu < 13.3.0; magick.net-q16-x64 < 13.3.0; magick.net-q8-anycpu < 13.3.0; magick.net-q8-openmp-x64 < 13.3.0; magick.net-q8-x64 < 13.3.0; github.com/chai2010/webp < 0.0.0-20250406010349-76805d5a8860; github.com/chai2010/webp >= 0.0.0 < 1.1.2-0.20250406010349-76805d5a8860
Severity
High
High
High
Ecosystem
GO
Publish Date
September 12, 2023
Modified Date
July 9, 2025