| Bug ID | 1215347 |
|---|---|
| Summary | VUL-0: CVE-2023-4863: zola: Heap buffer overflow in WebP |
| Classification | openSUSE |
| Product | openSUSE Tumbleweed |
| Version | Current |
| Hardware | Other |
| URL | https://smash.suse.de/issue/377966/ |
| OS | Other |
| Status | NEW |
| Severity | Critical |
| Priority | P5 - None |
| Component | Security |
| Assignee | socvirnyl.estela@gmail.com |
| Reporter | carlos.lopez@suse.com |
| QA Contact | security-team@suse.de |
| CC | Andreas.Stieger@gmx.de, gianluca.gabrielli@suse.com, gmbr3@opensuse.org, gnome-bugs@suse.de, jengelh@inai.de, m.szczepaniak.000@gmail.com, martin.sirringhaus@suse.com, meissner@suse.com, security-team@suse.de, wolfgang@rosenauer.org, xiaoguang.wang@suse.com |
| Depends on | 1215231 |
| Target Milestone | --- |
| Found By | Security Response Team |
| Blocker | --- |
+++ This bug was initially created as a clone of Bug #1215231 +++ CVE-2023-4863 The Stable and Extended stable channels has been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06 Google is aware that an exploit for CVE-2023-4863 exists in the wild. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1479274 References: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431