Search for vulnerabilities
Vulnerability details: VCID-5557-vu7d-aaaa
Vulnerability ID VCID-5557-vu7d-aaaa
Aliases CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
Summary Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-787 Out-of-bounds Write
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 9.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
cvssv3.1 8.8 https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
generic_textual HIGH https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
cvssv3.1 8.8 https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
ssvc Attend https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
epss 0.44315 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.44315 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.44315 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.44315 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.45590 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.45590 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.45590 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49228 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49228 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49228 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49798 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49798 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.49798 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.54030 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.7332 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.79395 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93346 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93346 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93346 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93707 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93949 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93949 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93949 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93949 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93949 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93991 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93991 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
epss 0.93991 https://api.first.org/data/v1/epss?cve=CVE-2023-4863
cvssv3.1 8.8 https://blog.isosceles.com/the-webp-0day
generic_textual HIGH https://blog.isosceles.com/the-webp-0day
cvssv3.1 8.8 https://blog.isosceles.com/the-webp-0day/
ssvc Attend https://blog.isosceles.com/the-webp-0day/
cvssv3.1 8.8 https://bugzilla.suse.com/show_bug.cgi?id=1215231
generic_textual HIGH https://bugzilla.suse.com/show_bug.cgi?id=1215231
ssvc Attend https://bugzilla.suse.com/show_bug.cgi?id=1215231
cvssv3.1 8.8 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
generic_textual HIGH https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
ssvc Attend https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
cvssv3.1 8.8 https://crbug.com/1479274
generic_textual HIGH https://crbug.com/1479274
ssvc Attend https://crbug.com/1479274
cvssv3.1 8.8 https://en.bandisoft.com/honeyview/history
generic_textual HIGH https://en.bandisoft.com/honeyview/history
cvssv3.1 8.8 https://en.bandisoft.com/honeyview/history/
ssvc Attend https://en.bandisoft.com/honeyview/history/
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
cvssv3.1 8.8 https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
generic_textual HIGH https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
cvssv3.1 8.8 https://github.com/electron/electron/pull/39823
generic_textual HIGH https://github.com/electron/electron/pull/39823
cvssv3.1 8.8 https://github.com/electron/electron/pull/39825
generic_textual HIGH https://github.com/electron/electron/pull/39825
cvssv3.1 8.8 https://github.com/electron/electron/pull/39826
generic_textual HIGH https://github.com/electron/electron/pull/39826
cvssv3.1 8.8 https://github.com/electron/electron/pull/39827
generic_textual HIGH https://github.com/electron/electron/pull/39827
cvssv3.1 8.8 https://github.com/electron/electron/pull/39828
generic_textual HIGH https://github.com/electron/electron/pull/39828
cvssv3.1 8.8 https://github.com/ImageMagick/ImageMagick/discussions/6664
generic_textual HIGH https://github.com/ImageMagick/ImageMagick/discussions/6664
cvssv3.1 8.8 https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
generic_textual HIGH https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
cvssv3.1 8.8 https://github.com/jaredforth/webp/pull/30
generic_textual HIGH https://github.com/jaredforth/webp/pull/30
cvssv3.1 8.8 https://github.com/python-pillow/Pillow/pull/7395
generic_textual HIGH https://github.com/python-pillow/Pillow/pull/7395
cvssv3.1 8.8 https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
generic_textual HIGH https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
cvssv3.1 8.8 https://github.com/qnighy/libwebp-sys2-rs/pull/21
generic_textual HIGH https://github.com/qnighy/libwebp-sys2-rs/pull/21
cvssv3.1 8.8 https://github.com/webmproject/libwebp
generic_textual HIGH https://github.com/webmproject/libwebp
cvssv3.1 8.8 https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
generic_textual HIGH https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
ssvc Attend https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
cvssv3.1 8.8 https://github.com/webmproject/libwebp/releases/tag/v1.3.2
generic_textual HIGH https://github.com/webmproject/libwebp/releases/tag/v1.3.2
ssvc Attend https://github.com/webmproject/libwebp/releases/tag/v1.3.2
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
ssvc Attend https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
ssvc Attend https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
ssvc Attend https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
cvssv3.1 8.8 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
generic_textual HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
ssvc Attend https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
cvssv3.1 8.8 https://news.ycombinator.com/item?id=37478403
generic_textual HIGH https://news.ycombinator.com/item?id=37478403
ssvc Attend https://news.ycombinator.com/item?id=37478403
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4863
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4863
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-4863
cvssv3.1 8.8 https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
generic_textual HIGH https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
cvssv3.1 8.8 https://rustsec.org/advisories/RUSTSEC-2023-0060.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2023-0060.html
cvssv3.1 8.8 https://rustsec.org/advisories/RUSTSEC-2023-0061.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2023-0061.html
cvssv3.1 8.8 https://security.gentoo.org/glsa/202309-05
generic_textual HIGH https://security.gentoo.org/glsa/202309-05
ssvc Attend https://security.gentoo.org/glsa/202309-05
cvssv3.1 8.8 https://security.gentoo.org/glsa/202401-10
generic_textual HIGH https://security.gentoo.org/glsa/202401-10
ssvc Attend https://security.gentoo.org/glsa/202401-10
cvssv3.1 8.8 https://security.netapp.com/advisory/ntap-20230929-0011
generic_textual HIGH https://security.netapp.com/advisory/ntap-20230929-0011
cvssv3.1 8.8 https://security.netapp.com/advisory/ntap-20230929-0011/
ssvc Attend https://security.netapp.com/advisory/ntap-20230929-0011/
cvssv3.1 8.8 https://security-tracker.debian.org/tracker/CVE-2023-4863
generic_textual HIGH https://security-tracker.debian.org/tracker/CVE-2023-4863
ssvc Attend https://security-tracker.debian.org/tracker/CVE-2023-4863
cvssv3.1 8.8 https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
generic_textual HIGH https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
ssvc Attend https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
cvssv3.1 8.8 https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
generic_textual HIGH https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
cvssv3.1 8.8 https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
ssvc Attend https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
cvssv3.1 8.8 https://www.bentley.com/advisories/be-2023-0001
generic_textual HIGH https://www.bentley.com/advisories/be-2023-0001
cvssv3.1 8.8 https://www.bentley.com/advisories/be-2023-0001/
ssvc Attend https://www.bentley.com/advisories/be-2023-0001/
cvssv3.1 8.8 https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
generic_textual HIGH https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
cvssv3.1 8.8 https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
ssvc Attend https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
cvssv3.1 8.8 https://www.debian.org/security/2023/dsa-5496
generic_textual HIGH https://www.debian.org/security/2023/dsa-5496
ssvc Attend https://www.debian.org/security/2023/dsa-5496
cvssv3.1 8.8 https://www.debian.org/security/2023/dsa-5497
generic_textual HIGH https://www.debian.org/security/2023/dsa-5497
ssvc Attend https://www.debian.org/security/2023/dsa-5497
cvssv3.1 8.8 https://www.debian.org/security/2023/dsa-5498
generic_textual HIGH https://www.debian.org/security/2023/dsa-5498
ssvc Attend https://www.debian.org/security/2023/dsa-5498
cvssv3.1 8.8 https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
generic_textual HIGH https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
cvssv3.1 8.8 https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
ssvc Attend https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
cvssv3.1 8.8 https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
generic_textual HIGH https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/21/4
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/21/4
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/21/4
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/1
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/1
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/3
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/3
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/4
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/4
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/4
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/5
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/5
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/5
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/6
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/6
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/6
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/7
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/7
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/7
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/22/8
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/22/8
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/22/8
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/26/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/26/1
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/26/1
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/26/7
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/26/7
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/26/7
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/28/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/28/1
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/28/1
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/28/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/28/2
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/28/2
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2023/09/28/4
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/09/28/4
ssvc Attend http://www.openwall.com/lists/oss-security/2023/09/28/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
https://api.first.org/data/v1/epss?cve=CVE-2023-4863
https://blog.isosceles.com/the-webp-0day
https://blog.isosceles.com/the-webp-0day/
https://bugzilla.suse.com/show_bug.cgi?id=1215231
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://crbug.com/1479274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
https://en.bandisoft.com/honeyview/history
https://en.bandisoft.com/honeyview/history/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
https://github.com/electron/electron/pull/39823
https://github.com/electron/electron/pull/39825
https://github.com/electron/electron/pull/39826
https://github.com/electron/electron/pull/39827
https://github.com/electron/electron/pull/39828
https://github.com/ImageMagick/ImageMagick/discussions/6664
https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
https://github.com/jaredforth/webp/pull/30
https://github.com/python-pillow/Pillow/pull/7395
https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
https://github.com/qnighy/libwebp-sys2-rs/pull/21
https://github.com/webmproject/libwebp
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
https://github.com/webmproject/libwebp/releases/tag/v1.3.2
https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://news.ycombinator.com/item?id=37478403
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
https://rustsec.org/advisories/RUSTSEC-2023-0060.html
https://rustsec.org/advisories/RUSTSEC-2023-0061.html
https://security.gentoo.org/glsa/202309-05
https://security.netapp.com/advisory/ntap-20230929-0011
https://security.netapp.com/advisory/ntap-20230929-0011/
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
https://www.bentley.com/advisories/be-2023-0001
https://www.bentley.com/advisories/be-2023-0001/
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
https://www.debian.org/security/2023/dsa-5496
https://www.debian.org/security/2023/dsa-5497
https://www.debian.org/security/2023/dsa-5498
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
http://www.openwall.com/lists/oss-security/2023/09/21/4
http://www.openwall.com/lists/oss-security/2023/09/22/1
http://www.openwall.com/lists/oss-security/2023/09/22/3
http://www.openwall.com/lists/oss-security/2023/09/22/4
http://www.openwall.com/lists/oss-security/2023/09/22/5
http://www.openwall.com/lists/oss-security/2023/09/22/6
http://www.openwall.com/lists/oss-security/2023/09/22/7
http://www.openwall.com/lists/oss-security/2023/09/22/8
http://www.openwall.com/lists/oss-security/2023/09/26/1
http://www.openwall.com/lists/oss-security/2023/09/26/7
http://www.openwall.com/lists/oss-security/2023/09/28/1
http://www.openwall.com/lists/oss-security/2023/09/28/2
http://www.openwall.com/lists/oss-security/2023/09/28/4
1051787 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
2238431 https://bugzilla.redhat.com/show_bug.cgi?id=2238431
cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*
cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:teams:1.6.00.26463:*:*:*:*:macos:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:teams:1.6.00.26463:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:teams:1.6.00.26474:*:*:*:*:desktop:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:teams:1.6.00.26474:*:*:*:*:desktop:*:*
cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*
cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:webp_image_extension:1.0.62681.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:webp_image_extension:1.0.62681.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863
GHSA-j7hp-h8jx-5ppr https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-40 https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
RHSA-2023:5183 https://access.redhat.com/errata/RHSA-2023:5183
RHSA-2023:5184 https://access.redhat.com/errata/RHSA-2023:5184
RHSA-2023:5185 https://access.redhat.com/errata/RHSA-2023:5185
RHSA-2023:5186 https://access.redhat.com/errata/RHSA-2023:5186
RHSA-2023:5187 https://access.redhat.com/errata/RHSA-2023:5187
RHSA-2023:5188 https://access.redhat.com/errata/RHSA-2023:5188
RHSA-2023:5189 https://access.redhat.com/errata/RHSA-2023:5189
RHSA-2023:5190 https://access.redhat.com/errata/RHSA-2023:5190
RHSA-2023:5191 https://access.redhat.com/errata/RHSA-2023:5191
RHSA-2023:5192 https://access.redhat.com/errata/RHSA-2023:5192
RHSA-2023:5197 https://access.redhat.com/errata/RHSA-2023:5197
RHSA-2023:5198 https://access.redhat.com/errata/RHSA-2023:5198
RHSA-2023:5200 https://access.redhat.com/errata/RHSA-2023:5200
RHSA-2023:5201 https://access.redhat.com/errata/RHSA-2023:5201
RHSA-2023:5202 https://access.redhat.com/errata/RHSA-2023:5202
RHSA-2023:5204 https://access.redhat.com/errata/RHSA-2023:5204
RHSA-2023:5205 https://access.redhat.com/errata/RHSA-2023:5205
RHSA-2023:5214 https://access.redhat.com/errata/RHSA-2023:5214
RHSA-2023:5222 https://access.redhat.com/errata/RHSA-2023:5222
RHSA-2023:5223 https://access.redhat.com/errata/RHSA-2023:5223
RHSA-2023:5224 https://access.redhat.com/errata/RHSA-2023:5224
RHSA-2023:5236 https://access.redhat.com/errata/RHSA-2023:5236
RHSA-2023:5309 https://access.redhat.com/errata/RHSA-2023:5309
USN-6367-1 https://usn.ubuntu.com/6367-1/
USN-6368-1 https://usn.ubuntu.com/6368-1/
USN-6369-1 https://usn.ubuntu.com/6369-1/
USN-6369-2 https://usn.ubuntu.com/6369-2/
Data source KEV
Date added Sept. 13, 2023
Description Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Oct. 4, 2023
Note 
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://blog.isosceles.com/the-webp-0day
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://blog.isosceles.com/the-webp-0day/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://blog.isosceles.com/the-webp-0day/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.suse.com/show_bug.cgi?id=1215231
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://bugzilla.suse.com/show_bug.cgi?id=1215231
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1479274
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://crbug.com/1479274
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://en.bandisoft.com/honeyview/history
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://en.bandisoft.com/honeyview/history/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://en.bandisoft.com/honeyview/history/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/39823
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/39825
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/39826
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/39827
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/39828
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ImageMagick/ImageMagick/discussions/6664
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jaredforth/webp/pull/30
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/python-pillow/Pillow/pull/7395
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/qnighy/libwebp-sys2-rs/pull/21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/webmproject/libwebp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/webmproject/libwebp/releases/tag/v1.3.2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://github.com/webmproject/libwebp/releases/tag/v1.3.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://news.ycombinator.com/item?id=37478403
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://news.ycombinator.com/item?id=37478403
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0060.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0061.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202309-05
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://security.gentoo.org/glsa/202309-05
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-10
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://security.gentoo.org/glsa/202401-10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230929-0011
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230929-0011/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://security.netapp.com/advisory/ntap-20230929-0011/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security-tracker.debian.org/tracker/CVE-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://security-tracker.debian.org/tracker/CVE-2023-4863
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.bentley.com/advisories/be-2023-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.bentley.com/advisories/be-2023-0001/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.bentley.com/advisories/be-2023-0001/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5496
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.debian.org/security/2023/dsa-5496
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5497
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.debian.org/security/2023/dsa-5497
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5498
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.debian.org/security/2023/dsa-5498
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/21/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/21/4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/22/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/22/8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/26/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/26/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/26/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/26/7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/28/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/28/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/28/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/28/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/28/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/28/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.97496
EPSS Score 0.44315
Published At Nov. 21, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.