Vulnerability details: VCID-8n69-6muc-dqae
Vulnerability ID VCID-8n69-6muc-dqae
Aliases CVE-2023-5217
GHSA-qqvq-6xgj-jw8g
Summary Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (5)
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json
https://api.first.org/data/v1/epss?cve=CVE-2023-5217
https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
https://bugzilla.redhat.com/show_bug.cgi?id=2241191
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
https://crbug.com/1486441
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/electron/electron/pull/40022
https://github.com/electron/electron/pull/40023
https://github.com/electron/electron/pull/40024
https://github.com/electron/electron/pull/40025
https://github.com/electron/electron/pull/40026
https://github.com/electron/electron/releases/tag/v22.3.25
https://github.com/electron/electron/releases/tag/v24.8.5
https://github.com/electron/electron/releases/tag/v25.8.4
https://github.com/electron/electron/releases/tag/v26.2.4
https://github.com/electron/electron/releases/tag/v27.0.0-beta.8
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
https://github.com/webmproject/libvpx/releases/tag/v1.13.1
https://github.com/webmproject/libvpx/tags
https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
https://pastebin.com/TdkC4pDv
https://security.gentoo.org/glsa/202310-04
https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/
https://twitter.com/maddiestone/status/1707163313711497266
https://www.debian.org/security/2023/dsa-5508
https://www.debian.org/security/2023/dsa-5509
https://www.debian.org/security/2023/dsa-5510
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.openwall.com/lists/oss-security/2023/09/28/5
http://www.openwall.com/lists/oss-security/2023/09/28/5
http://www.openwall.com/lists/oss-security/2023/09/28/6
http://www.openwall.com/lists/oss-security/2023/09/29/1
http://www.openwall.com/lists/oss-security/2023/09/29/11
http://www.openwall.com/lists/oss-security/2023/09/29/12
http://www.openwall.com/lists/oss-security/2023/09/29/14
http://www.openwall.com/lists/oss-security/2023/09/29/2
http://www.openwall.com/lists/oss-security/2023/09/29/7
http://www.openwall.com/lists/oss-security/2023/09/29/9
http://www.openwall.com/lists/oss-security/2023/09/30/1
http://www.openwall.com/lists/oss-security/2023/09/30/2
http://www.openwall.com/lists/oss-security/2023/09/30/3
http://www.openwall.com/lists/oss-security/2023/09/30/4
http://www.openwall.com/lists/oss-security/2023/09/30/5
http://www.openwall.com/lists/oss-security/2023/10/01/1
http://www.openwall.com/lists/oss-security/2023/10/01/2
http://www.openwall.com/lists/oss-security/2023/10/01/5
http://www.openwall.com/lists/oss-security/2023/10/02/6
http://www.openwall.com/lists/oss-security/2023/10/03/11
CVE-2023-5217 https://nvd.nist.gov/vuln/detail/CVE-2023-5217
CVE-2023-5217 https://security-tracker.debian.org/tracker/CVE-2023-5217
GHSA-qqvq-6xgj-jw8g https://github.com/advisories/GHSA-qqvq-6xgj-jw8g
mfsa2023-44 https://www.mozilla.org/en-US/security/advisories/mfsa2023-44
RHSA-2023:5426 https://access.redhat.com/errata/RHSA-2023:5426
RHSA-2023:5427 https://access.redhat.com/errata/RHSA-2023:5427
RHSA-2023:5428 https://access.redhat.com/errata/RHSA-2023:5428
RHSA-2023:5429 https://access.redhat.com/errata/RHSA-2023:5429
RHSA-2023:5430 https://access.redhat.com/errata/RHSA-2023:5430
RHSA-2023:5432 https://access.redhat.com/errata/RHSA-2023:5432
RHSA-2023:5433 https://access.redhat.com/errata/RHSA-2023:5433
RHSA-2023:5434 https://access.redhat.com/errata/RHSA-2023:5434
RHSA-2023:5435 https://access.redhat.com/errata/RHSA-2023:5435
RHSA-2023:5436 https://access.redhat.com/errata/RHSA-2023:5436
RHSA-2023:5437 https://access.redhat.com/errata/RHSA-2023:5437
RHSA-2023:5438 https://access.redhat.com/errata/RHSA-2023:5438
RHSA-2023:5439 https://access.redhat.com/errata/RHSA-2023:5439
RHSA-2023:5440 https://access.redhat.com/errata/RHSA-2023:5440
RHSA-2023:5475 https://access.redhat.com/errata/RHSA-2023:5475
RHSA-2023:5477 https://access.redhat.com/errata/RHSA-2023:5477
RHSA-2023:5534 https://access.redhat.com/errata/RHSA-2023:5534
RHSA-2023:5535 https://access.redhat.com/errata/RHSA-2023:5535
RHSA-2023:5536 https://access.redhat.com/errata/RHSA-2023:5536
RHSA-2023:5537 https://access.redhat.com/errata/RHSA-2023:5537
RHSA-2023:5538 https://access.redhat.com/errata/RHSA-2023:5538
RHSA-2023:5539 https://access.redhat.com/errata/RHSA-2023:5539
RHSA-2023:5540 https://access.redhat.com/errata/RHSA-2023:5540
Data source KEV
Date added Oct. 2, 2023
Description Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Oct. 23, 2023
Note
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) local
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Exploit Prediction Scoring System (EPSS)
Percentile 0.89842
EPSS Score 0.04976
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:02:02.733134+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2023-5217.yml 38.6.0