heap-buffer-overflow
Safeguard articles tagged "heap-buffer-overflow" — guides, analysis, and best practices for software supply chain and application security.
4 articles
libwebp heap buffer overflow zero-day (CVE-2023-4863)
A heap buffer overflow in libwebp, actively exploited in a zero-click iOS spyware chain, exposed browsers, Electron apps, and containers alike.
zlib heap buffer overflow via crafted input (CVE-2022-37434)
CVE-2022-37434: a heap buffer overflow in zlib's gzip header parsing. Affected versions, CVSS/EPSS/KEV context, timeline, and how to remediate it.
CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More
CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.
libwebp and CVE-2023-4863: The Full Story
A heap buffer overflow in libwebp's lossless decoder, exploited in the wild before a patch existed, turned out to affect far more software than the browser it was first reported in.