CVE-2023-4863

Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

NVD
Severity: HIGH
CVE ID: CVE-2023-4863
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

mistymntncop

Reference: GitHub

bbaranoff

Reference: GitHub

talbeerysec

BAD-WEBP-CVE-2023-4863

Reference: GitHub

OITApps

Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863 / CVE-2023-5129

Reference: GitHub

GTGalaxi

Find Electron Apps Vulnerable to CVE-2023-4863 / CVE-2023-5129

Reference: GitHub

murphysecurity

A tool for finding vulnerable libwebp (CVE-2023-4863)

Reference: GitHub

LiveOverflow

Reference: GitHub

caoweiquan322

This tool calculates tricky canonical Huffman histogram for CVE-2023-4863.

Reference: GitHub

CrackerCat

Triggering the famous libwebp 0day vuln with libfuzzer

Reference: GitHub

alsaeroth

C implementation of libwebp 0-click vulnerability

Reference: GitHub