Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-1999

Published: 20/06/2023 Updated: 17/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Libwebp

Vulnerability Summary

A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. (CVE-2023-1999) In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. (CVE-2023-32205) The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. (CVE-2023-32206) The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an malicious user to trick a user into granting permissions. (CVE-2023-32207) The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. (CVE-2023-32211) The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. (CVE-2023-32212) The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit. (CVE-2023-32213) Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-32215)

Vulnerable Product Search on Vulmon Subscribe to Product

webmproject libwebp

Vendor Advisories

Debian CVElist Bug Report Logs: libwebp: CVE-2023-1999
Debian Bug report logs - #1035371 libwebp: CVE-2023-1999 Package: src:libwebp; Maintainer for src:libwebp is Jeff Breidenbach <jab@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 2 May 2023 08:15:01 UTC Severity: grave Tags: security, upstream Found in version libwebp/124-01 Re ...
Debian Security Advisories: DSA-5408-1 libwebp -- security update
Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service For the stable distribution (bullseye), this problem has been fixed in version 061-21+deb11u1 We recommend that you upgrade your libwebp packages For the detailed security status of libwebp please refer to its security track ...
Amazon Linux 2: ALASFIREFOX-2023-005
A double-free in libwebp could have led to memory corruption and a potentially exploitable crash (CVE-2023-1999) In multiple cases browser prompts could have been obscured by popups controlled by content These could have led to potential user confusion and spoofing attacks (CVE-2023-32205) The Mozilla Foundation Security Advisory describes this ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Securit ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Tel ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: libwebp security update
Synopsis Important: libwebp security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libwebp is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: OpenShift Container Platform 4.12.16 security update
Synopsis Moderate: OpenShift Container Platform 41216 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41216 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Pla ...
Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update
Synopsis Important: Migration Toolkit for Containers (MTC) 1710 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 1710 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates
Synopsis Critical: Red Hat Advanced Cluster Management 266 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 266 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
Synopsis Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 259 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Red Hat:
Description<!---->The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crashThe Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash ...

References

CWE-415CWE-416https://chromium.googlesource.com/webm/libwebphttps://security.gentoo.org/glsa/202309-05https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5408https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-005.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook