libwebp
Safeguard articles tagged "libwebp" — guides, analysis, and best practices for software supply chain and application security.
5 articles
The libwebp heap overflow that patched half the internet: CVE-2023-4863
One heap buffer overflow in a 15-year-old image codec forced Chrome, Firefox, Edge, Electron apps, and entire Linux distros to ship emergency patches within days.
WebP (CVE-2023-4863) Explained: The libwebp Heap Overflow That Patched the Web
CVE-2023-4863 was an actively exploited heap buffer overflow in libwebp's Huffman decoder. Because the codec is vendored everywhere, one bug forced emergency patches across browsers and apps.
libwebp heap buffer overflow zero-day (CVE-2023-4863)
A heap buffer overflow in libwebp, actively exploited in a zero-click iOS spyware chain, exposed browsers, Electron apps, and containers alike.
libwebp animated WebP overflow (CVE-2023-5129)
CVE-2023-5129 exposed a critical libwebp heap overflow, then got rejected as a duplicate of CVE-2023-4863 — leaving two CVE trails for one flaw.
CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More
CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.