VulnerableCode Package Details - pkg:nuget/CefSharp.Common.NETCore@98.1.190

Search for packages

Vulnerability	Summary	Fixed by
VCID-1czj-3tfw-ebc7 Aliases: CVE-2022-0609 GHSA-vv6j-ww6x-54gx GMS-2022-140 GMS-2022-141 GMS-2022-142 GMS-2022-143 GMS-2022-144 GMS-2022-145 GMS-2022-146 GMS-2022-147 GMS-2022-148	Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	98.1.210 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rhqa-79fn-kka5 Aliases: GHSA-4c29-gfrp-g6x9 GMS-2023-3094 GMS-2023-3096	CefSharp affected by libvpx's heap buffer overflow in vp8 encoding Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) References - https://www.cve.org/CVERecord?id=CVE-2023-5217 - https://nvd.nist.gov/vuln/detail/CVE-2023-5217	117.2.20 Affected by 0 other vulnerabilities.
VCID-v6vr-5eq9-w7ch Aliases: GHSA-j646-gj5p-p45g GMS-2023-2464 GMS-2023-2465	CefSharp affected by heap buffer overflow in WebP Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild. ### Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) ### References - https://www.cve.org/CVERecord?id=CVE-2023-4863 - https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability --- Updated There is another related security vulnerability. > There's another related CVE ([CVE-2023-5217](https://nvd.nist.gov/vuln/detail/CVE-2023-5217)) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (`--disable-blink-features=WebCodecs`). As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150	116.0.230 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1czj-3tfw-ebc7
Aliases:
CVE-2022-0609
GHSA-vv6j-ww6x-54gx
GMS-2022-140
GMS-2022-141
GMS-2022-142
GMS-2022-143
GMS-2022-144
GMS-2022-145
GMS-2022-146
GMS-2022-147
GMS-2022-148

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

98.1.210
Affected by 2 other vulnerabilities.

VCID-rhqa-79fn-kka5
Aliases:
GHSA-4c29-gfrp-g6x9
GMS-2023-3094
GMS-2023-3096

CefSharp affected by libvpx's heap buffer overflow in vp8 encoding Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) References - https://www.cve.org/CVERecord?id=CVE-2023-5217 - https://nvd.nist.gov/vuln/detail/CVE-2023-5217

117.2.20
Affected by 0 other vulnerabilities.

VCID-v6vr-5eq9-w7ch
Aliases:
GHSA-j646-gj5p-p45g
GMS-2023-2464
GMS-2023-2465

CefSharp affected by heap buffer overflow in WebP **Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild.** ### Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) ### References - https://www.cve.org/CVERecord?id=CVE-2023-4863 - https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability --- **Updated** There is another related security vulnerability. > There's another related CVE ([CVE-2023-5217](https://nvd.nist.gov/vuln/detail/CVE-2023-5217)) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (`--disable-blink-features=WebCodecs`). As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

116.0.230
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T11:22:02.493229+00:00	GitLab Importer	Affected by	VCID-rhqa-79fn-kka5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/CefSharp.Common.NETCore/GMS-2023-3096.yml	37.0.0
2025-08-01T11:20:56.595667+00:00	GitLab Importer	Affected by	VCID-v6vr-5eq9-w7ch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/CefSharp.Common.NETCore/GMS-2023-2465.yml	37.0.0
2025-07-31T12:31:22.772154+00:00	GHSA Importer	Affected by	VCID-1czj-3tfw-ebc7	https://github.com/advisories/GHSA-vv6j-ww6x-54gx	37.0.0
2025-07-31T09:26:13.811931+00:00	GitLab Importer	Affected by	VCID-1czj-3tfw-ebc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/CefSharp.Common.NETCore/GMS-2022-141.yml	37.0.0