CVE-2023-5217

high-risk

Published 2023-09-28

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Do I need to act?

3.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Libvpx

Edge

Edge Chromium

Firefox

Thunderbird

Fedora

Debian Linux

Ipados

Iphone Os

Chrome

Affected Vendors

Debian Redhat Microsoft Apple Mozilla Google Fedoraproject Webmproject

References (105)

Mailing List http://seclists.org/fulldisclosure/2023/Oct/12

Mailing List http://seclists.org/fulldisclosure/2023/Oct/16

Mailing List http://www.openwall.com/lists/oss-security/2023/09/28/5

Mailing List http://www.openwall.com/lists/oss-security/2023/09/28/6

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/1

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/11

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/12

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/14

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/2

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/7

Mailing List http://www.openwall.com/lists/oss-security/2023/09/29/9

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/1

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/2

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/3

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/4

Mailing List http://www.openwall.com/lists/oss-security/2023/09/30/5

Mailing List http://www.openwall.com/lists/oss-security/2023/10/01/1

Mailing List http://www.openwall.com/lists/oss-security/2023/10/01/2

Mailing List http://www.openwall.com/lists/oss-security/2023/10/01/5

Mailing List http://www.openwall.com/lists/oss-security/2023/10/02/6

and 85 more references

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 14/34 · Moderate

Exposure 20/34 · Moderate