{"url":"http://public2.vulnerablecode.io/api/packages/66895?format=json","purl":"pkg:conan/libwebp@1.3.2","type":"conan","namespace":"","name":"libwebp","version":"1.3.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/972?format=json","vulnerability_id":"VCID-k669-cacz-9fcd","summary":"Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. *Note: This advisory was previously also tracked as CVE-2023-5129.*","references":[{"reference_url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway","reference_id":"","reference_type":"","scores":[],"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway"},{"reference_url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","reference_id":"","reference_type":"","scores":[],"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"},{"reference_url":"https://blog.isosceles.com/the-webp-0day","reference_id":"","reference_type":"","scores":[],"url":"https://blog.isosceles.com/the-webp-0day"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","reference_id":"","reference_type":"","scores":[],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"},{"reference_url":"https://crbug.com/1479274","reference_id":"","reference_type":"","scores":[],"url":"https://crbug.com/1479274"},{"reference_url":"https://en.bandisoft.com/honeyview/history","reference_id":"","reference_type":"","scores":[],"url":"https://en.bandisoft.com/honeyview/history"},{"reference_url":"https://en.bandisoft.com/honeyview/history/","reference_id":"","reference_type":"","scores":[],"url":"https://en.bandisoft.com/honeyview/history/"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0"},{"reference_url":"https://github.com/electron/electron/pull/39823","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/39823"},{"reference_url":"https://github.com/electron/electron/pull/39825","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/39825"},{"reference_url":"https://github.com/electron/electron/pull/39826","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/39826"},{"reference_url":"https://github.com/electron/electron/pull/39827","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/39827"},{"reference_url":"https://github.com/electron/electron/pull/39828","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/39828"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/discussions/6664","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ImageMagick/ImageMagick/discussions/6664"},{"reference_url":"https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc"},{"reference_url":"https://github.com/jaredforth/webp/pull/30","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jaredforth/webp/pull/30"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/7395","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/pull/7395"},{"reference_url":"https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b"},{"reference_url":"https://github.com/qnighy/libwebp-sys2-rs/pull/21","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/qnighy/libwebp-sys2-rs/pull/21"},{"reference_url":"https://github.com/webmproject/libwebp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/webmproject/libwebp"},{"reference_url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"},{"reference_url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://news.ycombinator.com/item?id=37478403","reference_id":"","reference_type":"","scores":[],"url":"https://news.ycombinator.com/item?id=37478403"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security","reference_id":"","reference_type":"","scores":[],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0060.html","reference_id":"","reference_type":"","scores":[],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0060.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0061.html","reference_id":"","reference_type":"","scores":[],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0061.html"},{"reference_url":"https://security.gentoo.org/glsa/202309-05","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202309-05"},{"reference_url":"https://security.gentoo.org/glsa/202401-10","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230929-0011","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230929-0011"},{"reference_url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","reference_id":"","reference_type":"","scores":[],"url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"},{"reference_url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863","reference_id":"","reference_type":"","scores":[],"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863"},{"reference_url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","reference_id":"","reference_type":"","scores":[],"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"},{"reference_url":"https://www.bentley.com/advisories/be-2023-0001","reference_id":"","reference_type":"","scores":[],"url":"https://www.bentley.com/advisories/be-2023-0001"},{"reference_url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks","reference_id":"","reference_type":"","scores":[],"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks"},{"reference_url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","reference_id":"","reference_type":"","scores":[],"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5496","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2023/dsa-5496"},{"reference_url":"https://www.debian.org/security/2023/dsa-5497","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2023/dsa-5497"},{"reference_url":"https://www.debian.org/security/2023/dsa-5498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2023/dsa-5498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"},{"reference_url":"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863","reference_id":"","reference_type":"","scores":[],"url":"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","reference_id":"CVE-2023-4863","reference_type":"","scores":[],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-4863","reference_id":"CVE-2023-4863","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2023-4863"},{"reference_url":"https://github.com/advisories/GHSA-j7hp-h8jx-5ppr","reference_id":"GHSA-j7hp-h8jx-5ppr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j7hp-h8jx-5ppr"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40","reference_id":"mfsa2023-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66895?format=json","purl":"pkg:conan/libwebp@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libwebp@1.3.2"}],"aliases":["CVE-2023-4863","GHSA-j7hp-h8jx-5ppr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k669-cacz-9fcd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/libwebp@1.3.2"}