Amazon Linux 2 Security Advisory: ALAS-2023-2291
Advisory Release Date: 2023-10-12 15:08 Pacific
Advisory Updated Date: 2023-10-19 23:40 Pacific
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863)
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.
The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.
The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue. (CVE-2023-5129)
Affected Packages:
thunderbird
Issue Correction:
Run yum update thunderbird to update your system.
aarch64:
thunderbird-102.15.1-1.amzn2.0.1.aarch64
thunderbird-debuginfo-102.15.1-1.amzn2.0.1.aarch64
src:
thunderbird-102.15.1-1.amzn2.0.1.src
x86_64:
thunderbird-102.15.1-1.amzn2.0.1.x86_64
thunderbird-debuginfo-102.15.1-1.amzn2.0.1.x86_64