Advisories » MGASA-2023-0282

Updated libwebp packages fix a security vulnerability

Publication date: 03 Oct 2023
Modification date: 03 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-4863

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via a
crafted HTML page.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

SRPMS

9/core

• libwebp-1.3.0-2.1.mga9

8/core

• libwebp-1.1.0-2.2.mga8