Skip to content

Heap buffer overflow in vp8 encoding in libvpx

High
amaitland published GHSA-4c29-gfrp-g6x9 Oct 4, 2023

Package

nuget CefSharp.Common (NuGet)

Affected versions

< 117.2.20

Patched versions

117.2.20
nuget CefSharp.Common.NETCore (NuGet)
< 117.2.20
117.2.20

Description

Google is aware that an exploit for CVE-2023-5217 exists in the wild.

Description
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

Severity

High

CVE ID

CVE-2023-5217

Weaknesses

No CWEs