VYPR
High severityCISA KEVNVD Advisory· Published Sep 12, 2023· Updated Oct 21, 2025

CVE-2023-4863

CVE-2023-4863

Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
libwebp-sys2crates.io
< 0.1.80.1.8
libwebp-syscrates.io
< 0.9.30.9.3
electronnpm
>= 22.0.0, < 22.3.2422.3.24
electronnpm
>= 24.0.0, < 24.8.324.8.3
electronnpm
>= 25.0.0, < 25.8.125.8.1
electronnpm
>= 26.0.0, < 26.2.126.2.1
electronnpm
>= 27.0.0-beta.1, < 27.0.0-beta.227.0.0-beta.2
SkiaSharpNuGet
>= 2.0.0, < 2.88.62.88.6
github.com/chai2010/webpGo
>= 1.1.2, < 1.4.01.4.0
PillowPyPI
< 10.0.110.0.1
webpcrates.io
< 0.2.60.2.6
magick.net-q16-anycpuNuGet
< 13.3.013.3.0
magick.net-q16-hdri-anycpuNuGet
< 13.3.013.3.0
magick.net-q16-x64NuGet
< 13.3.013.3.0
magick.net-q8-anycpuNuGet
< 13.3.013.3.0
magick.net-q8-openmp-x64NuGet
< 13.3.013.3.0
magick.net-q8-x64NuGet
< 13.3.013.3.0
github.com/chai2010/webpGo
< 0.0.0-20250406010349-76805d5a88600.0.0-20250406010349-76805d5a8860
github.com/chai2010/webpGo
>= 0.0.0, < 1.1.2-0.20250406010349-76805d5a88601.1.2-0.20250406010349-76805d5a8860

Affected products

101

Patches

Vulnerability mechanics

References

77

News mentions

0

No linked articles in our index yet.