Use after free in libwebp
CVE-2023-1999
What is CVE-2023-1999?
libwebp contains a memory-management flaw that results in a use-after-free and double-free condition. It occurs in the ApplyFiltersAndEncode() function, where the best.bw pointer is released inside a loop and then incorrectly reassigned. If the VP8 encoder hits an out-of-memory error on a second iteration, the code attempts to free memory that has already been released, risking exploitation. Attackers can exploit this flaw to potentially execute arbitrary code or cause instability. Users are advised to upgrade to the latest version to mitigate this risk.
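The aliasing pattern described above, as an added example that is not libwebp's code: a simplified C model in which a struct copy leaves two owners of one buffer, and a failure on the second iteration releases it twice. All type and function names are hypothetical, the out-of-memory failure is simulated, and the hardened branch is one way to remove the alias, not necessarily the upstream fix.

```c
/* Added illustration: a simplified model of the pattern, not libwebp source.
 * Writer, State, t_alloc, t_free, encode_trial, run_trials are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
typedef struct { unsigned char *buf; } Writer;     /* stands in for a bit writer */
typedef struct { size_t score; Writer bw; } State; /* stands in for best / trial */
static void *live[8];     /* allocations that are currently valid */
static int double_frees;  /* repeated frees caught by t_free() */
static void *t_alloc(size_t n) {
  void *p = malloc(n);
  for (int i = 0; p && i < 8; i++) if (!live[i]) { live[i] = p; break; }
  return p;
}
/* Frees tracked pointers only; a repeated free is counted, not performed. */
static void t_free(void *p) {
  if (!p) return;
  for (int i = 0; i < 8; i++) if (live[i] == p) { live[i] = NULL; free(p); return; }
  double_frees++;
}
/* Constructed encoder step: trial number fail_at simulates out-of-memory. */
static int encode_trial(State *s, int i, int fail_at) {
  if (i == fail_at) return 0;       /* fails before s->bw is re-initialised */
  s->bw.buf = t_alloc(16);
  s->score = 100 - (size_t)i;       /* each later trial "compresses better" */
  return s->bw.buf != NULL;
}
/* Runs n trials; returns how many double frees the cleanup path attempted. */
int run_trials(int n, int fail_at, int hardened) {
  State best = { (size_t)-1, { NULL } }, trial = { 0, { NULL } };
  int ok = 1;
  double_frees = 0;
  for (int i = 0; ok && i < n; i++) {
    ok = encode_trial(&trial, i, fail_at);
    if (ok && trial.score < best.score) {
      t_free(best.bw.buf);               /* release the previous best */
      best = trial;                      /* struct copy: two owners, one buffer */
      if (hardened) trial.bw.buf = NULL; /* ownership moved to best */
    } else {
      t_free(trial.bw.buf);              /* on failure this is a stale alias */
      trial.bw.buf = NULL;
    }
  }
  t_free(best.bw.buf);                   /* final cleanup of the kept result */
  return double_frees;
}
int main(void) {
  printf("vulnerable=%d hardened=%d\n", run_trials(2, 1, 0), run_trials(2, 1, 1));
  return 0;
}
```

The model only misbehaves when a trial fails after an earlier one succeeded; with no failure, the stale pointer in trial is overwritten before it is ever freed.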

Affected Version(s)
libwebp 0.4.2 < 1.3.1
libwebp 0.4.2 < 1.3.0-8-ga486d800
