cve-2023-4863
Safeguard articles tagged "cve-2023-4863" — guides, analysis, and best practices for software supply chain and application security.
4 articles
The libwebp heap overflow that patched half the internet: CVE-2023-4863
One heap buffer overflow in a 15-year-old image codec forced Chrome, Firefox, Edge, Electron apps, and entire Linux distros to ship emergency patches within days.
libwebp heap buffer overflow zero-day (CVE-2023-4863)
A heap buffer overflow in libwebp, actively exploited in a zero-click iOS spyware chain, exposed browsers, Electron apps, and containers alike.
CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More
CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.
libwebp and CVE-2023-4863: The Full Story
A heap buffer overflow in libwebp's lossless decoder, exploited in the wild before a patch existed, turned out to affect far more software than the browser it was first reported in.