CVE-2023-5217

HIGHScheduled

Published:Sep 28, 2023(2 years ago)

Modified:Oct 24, 2025

Remote ExploitNo Auth RequiredLow Complexity

Vulnerability Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Attack Characteristics

Network AccessLow ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
webmproject	libvpx	1.13.1	-
microsoft	edge	-	-
microsoft	edge	-

Timeline

Published
CVE disclosed publicly
Sep 28, 20232 years ago
Last Modified
Most recent update
Oct 24, 20257 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20262 months ago

References

105

http://seclists.org/fulldisclosure/2023/Oct/12Mailing List
http://seclists.org/fulldisclosure/2023/Oct/16Mailing List
http://www.openwall.com/lists/oss-security/2023/09/28/5Mailing List

CVSS Score

v3.1

8.8/ 10.0

HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

At a Glance

Affected Products

105

References

webmproject / libvpx

http://www.openwall.com/lists/oss-security/2023/09/28/6Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/1Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/11Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/12Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/14Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/2Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/7Mailing List

http://www.openwall.com/lists/oss-security/2023/09/29/9Mailing List

http://www.openwall.com/lists/oss-security/2023/09/30/1Mailing List

http://www.openwall.com/lists/oss-security/2023/09/30/2Mailing List

http://www.openwall.com/lists/oss-security/2023/09/30/3Mailing List

http://www.openwall.com/lists/oss-security/2023/09/30/4Mailing List

http://www.openwall.com/lists/oss-security/2023/09/30/5Mailing List

http://www.openwall.com/lists/oss-security/2023/10/01/1Mailing List

http://www.openwall.com/lists/oss-security/2023/10/01/2Mailing List

http://www.openwall.com/lists/oss-security/2023/10/01/5Mailing List

http://www.openwall.com/lists/oss-security/2023/10/02/6Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/11Mailing List

https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firef...Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2241191Issue Tracking

https://chromereleases.googleblog.com/2023/09/stable-channel-update-fo...Vendor Advisory

https://crbug.com/1486441Exploit

https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d...Patch

https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944c...Patch

https://github.com/webmproject/libvpx/releases/tag/v1.13.1Release Notes

https://github.com/webmproject/libvpx/tagsProduct

https://lists.debian.org/debian-lts-announce/2023/09/msg00038.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00001.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00015.htmlMailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.f...Mailing List

https://pastebin.com/TdkC4pDvNot Applicable

https://security-tracker.debian.org/tracker/CVE-2023-5217Third Party Advisory

https://security.gentoo.org/glsa/202310-04Third Party Advisory

https://security.gentoo.org/glsa/202401-34Third Party Advisory

https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-...Third Party Advisory

https://support.apple.com/kb/HT213961Third Party Advisory

https://support.apple.com/kb/HT213972Third Party Advisory

https://twitter.com/maddiestone/status/1707163313711497266Third Party Advisory

https://www.debian.org/security/2023/dsa-5508Mailing List

https://www.debian.org/security/2023/dsa-5509Mailing List

https://www.debian.org/security/2023/dsa-5510Mailing List

https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/Third Party Advisory

https://www.openwall.com/lists/oss-security/2023/09/28/5Mailing List

http://seclists.org/fulldisclosure/2023/Oct/12Mailing List

http://seclists.org/fulldisclosure/2023/Oct/16Mailing List

http://www.openwall.com/lists/oss-security/2023/09/28/5Mailing List