Search for vulnerabilities
Vulnerability details: VCID-v6vr-5eq9-w7ch
Vulnerability ID VCID-v6vr-5eq9-w7ch
Aliases GHSA-j646-gj5p-p45g
GMS-2023-2464
GMS-2023-2465
Summary CefSharp affected by heap buffer overflow in WebP **Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild.** ### Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) ### References - https://www.cve.org/CVERecord?id=CVE-2023-4863 - https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability --- **Updated** There is another related security vulnerability. > There's another related CVE ([CVE-2023-5217](https://nvd.nist.gov/vuln/detail/CVE-2023-5217)) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (`--disable-blink-features=WebCodecs`). As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-j646-gj5p-p45g
generic_textual CRITICAL https://github.com/cefsharp/CefSharp
generic_textual CRITICAL https://github.com/cefsharp/CefSharp/commit/f2890ba66170afb0bf742839febe4d20449f758c
generic_textual CRITICAL https://github.com/cefsharp/CefSharp/releases/tag/v116.0.230
cvssv3.1_qr CRITICAL https://github.com/cefsharp/CefSharp/security/advisories/GHSA-j646-gj5p-p45g
generic_textual CRITICAL https://github.com/cefsharp/CefSharp/security/advisories/GHSA-j646-gj5p-p45g
Reference id Reference type URL
https://github.com/cefsharp/CefSharp
https://github.com/cefsharp/CefSharp/commit/f2890ba66170afb0bf742839febe4d20449f758c
https://github.com/cefsharp/CefSharp/releases/tag/v116.0.230
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-j646-gj5p-p45g
GHSA-j646-gj5p-p45g https://github.com/advisories/GHSA-j646-gj5p-p45g
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-31T08:41:18.510903+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-j646-gj5p-p45g/GHSA-j646-gj5p-p45g.json 37.0.0