CVE-2023-4863 · CISA KEV: Actively Exploited

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

Published Sep 13, 2023 · Updated Sep 13, 2023

Description

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

Public Exploits & PoCs (10 found)

PoC: NotEnough

This tool calculates a tricky canonical Huffman histogram for CVE-2023-4863.

PoC: aegisgraph

AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.

PoC: CVE-2023-4863-POC

C implementation of libwebp 0-click vulnerability

PoC: CVE-2023-4863-

Triggering the famous libwebp 0day vuln with libfuzzer

PoC: CVE-2023-4863

Triggering the famous libwebp 0day vuln with libfuzzer

PoC: libwebp-checker

A tool for finding vulnerable libwebp (CVE-2023-4863)

PoC: ElectronVulnerableVersion

Find Electron Apps Vulnerable to CVE-2023-4863 / CVE-2023-5129

PoC: Find-VulnerableElectronVersion

Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863 / CVE-2023-5129

PoC: BAD-WEBP-CVE-2023-4863

BAD-WEBP-CVE-2023-4863

PoC: CVE-2023-4863

CVE-2023-4863 POC
