https://bugzilla.suse.com/show_bug.cgi?id=1215347 Bug ID: 1215347 Summary: VUL-0: CVE-2023-4863: zola: Heap buffer overflow in WebP Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://smash.suse.de/issue/377966/ OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security Assignee: socvirnyl.estela@gmail.com Reporter: carlos.lopez@suse.com QA Contact: security-team@suse.de CC: Andreas.Stieger@gmx.de, gianluca.gabrielli@suse.com, gmbr3@opensuse.org, gnome-bugs@suse.de, jengelh@inai.de, m.szczepaniak.000@gmail.com, martin.sirringhaus@suse.com, meissner@suse.com, security-team@suse.de, wolfgang@rosenauer.org, xiaoguang.wang@suse.com Depends on: 1215231 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1215231 +++ CVE-2023-4863 The Stable and Extended stable channels has been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06 Google is aware that an exploit for CVE-2023-4863 exists in the wild. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1479274 References: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desk... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 -- You are receiving this mail because: You are on the CC list for the bug.