FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libwebp heap buffer overflow

Affected packages
tor-browser < 12.5.3

Details

VuXML ID 58a738d4-57af-11ee-8c58-b42e991fc52e
Discovery 2023-09-12
Entry 2023-09-20

chrome-cve-admin@google.com reports:

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) The Tor browser is based on Firefox and GeckoView and also uses libwebp, so it is affected by this bug.

References

CVE Name CVE-2023-4863
URL https://nvd.nist.gov/vuln/detail/CVE-2023-4863