CVE-2023-5217 - Vulnerability Details

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Oct. 2, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os
Debian	Debian Linux
Fedoraproject	Fedora
Google	Chrome
Microsoft	Edge Edge Chromium
Mozilla	Firefox Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus
Webmproject	Libvpx

Configuration 1 [-]

cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:microsoft:edge:116.0.1938.98:::::::*
	cpe:2.3:a:microsoft:edge:117.0.2045.47:::::::*
	cpe:2.3:a:microsoft:edge_chromium:116.0.5845.229:::::::*
	cpe:2.3:a:microsoft:edge_chromium:117.0.5938.132:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:firefox::::::android::*
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados:16.7:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:16.7:::::::*

Configuration 7 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 8 [-]

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
thunderbird-0:115.3.1-1.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:5475	2023-10-05T00:00:00Z
firefox-0:115.3.1-1.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:5477	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8
thunderbird-0:115.3.1-1.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5428	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5433	2023-10-04T00:00:00Z
libvpx-0:1.7.0-10.el8_8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5537	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
thunderbird-0:115.3.1-1.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:5438	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:5440	2023-10-04T00:00:00Z
libvpx-0:1.7.0-8.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:5535	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:5426	2023-10-04T00:00:00Z
thunderbird-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:5432	2023-10-04T00:00:00Z
libvpx-0:1.7.0-8.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:5534	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
firefox-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:5426	2023-10-04T00:00:00Z
thunderbird-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:5432	2023-10-04T00:00:00Z
libvpx-0:1.7.0-8.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:5534	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
firefox-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:5426	2023-10-04T00:00:00Z
thunderbird-0:115.3.1-1.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:5432	2023-10-04T00:00:00Z
libvpx-0:1.7.0-8.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:5534	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
thunderbird-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:5429	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:5437	2023-10-04T00:00:00Z
libvpx-0:1.7.0-10.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:5536	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
thunderbird-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:5429	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:5437	2023-10-04T00:00:00Z
libvpx-0:1.7.0-10.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:5536	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
thunderbird-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:5429	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:5437	2023-10-04T00:00:00Z
libvpx-0:1.7.0-10.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:5536	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
thunderbird-0:115.3.1-1.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5430	2023-10-04T00:00:00Z
firefox-0:115.3.1-1.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5436	2023-10-04T00:00:00Z
libvpx-0:1.7.0-10.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5538	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:115.3.1-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5434	2023-10-04T00:00:00Z
thunderbird-0:115.3.1-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5435	2023-10-04T00:00:00Z
libvpx-0:1.9.0-7.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5539	2023-10-09T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
firefox-0:115.3.1-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5427	2023-10-04T00:00:00Z
thunderbird-0:115.3.1-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5439	2023-10-04T00:00:00Z
libvpx-0:1.9.0-7.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5540	2023-10-09T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2023/Oct/12
http://seclists.org/fulldisclosure/2023/Oct/16
http://www.openwall.com/lists/oss-security/2023/09/28/5
http://www.openwall.com/lists/oss-security/2023/09/28/6
http://www.openwall.com/lists/oss-security/2023/09/29/1
http://www.openwall.com/lists/oss-security/2023/09/29/11
http://www.openwall.com/lists/oss-security/2023/09/29/12
http://www.openwall.com/lists/oss-security/2023/09/29/14
http://www.openwall.com/lists/oss-security/2023/09/29/2
http://www.openwall.com/lists/oss-security/2023/09/29/7
http://www.openwall.com/lists/oss-security/2023/09/29/9
http://www.openwall.com/lists/oss-security/2023/09/30/1
http://www.openwall.com/lists/oss-security/2023/09/30/2
http://www.openwall.com/lists/oss-security/2023/09/30/3
http://www.openwall.com/lists/oss-security/2023/09/30/4
http://www.openwall.com/lists/oss-security/2023/09/30/5
http://www.openwall.com/lists/oss-security/2023/10/01/1
http://www.openwall.com/lists/oss-security/2023/10/01/2
http://www.openwall.com/lists/oss-security/2023/10/01/5
http://www.openwall.com/lists/oss-security/2023/10/02/6
http://www.openwall.com/lists/oss-security/2023/10/03/11
https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
https://bugzilla.redhat.com/show_bug.cgi?id=2241191
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
https://crbug.com/1486441
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
https://github.com/webmproject/libvpx/releases/tag/v1.13.1
https://github.com/webmproject/libvpx/tags
https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
https://nvd.nist.gov/vuln/detail/CVE-2023-5217
https://pastebin.com/TdkC4pDv
https://security-tracker.debian.org/tracker/CVE-2023-5217
https://security.gentoo.org/glsa/202310-04
https://security.gentoo.org/glsa/202401-34
https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/
https://support.apple.com/kb/HT213961
https://support.apple.com/kb/HT213972
https://twitter.com/maddiestone/status/1707163313711497266
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2023-5217
https://www.debian.org/security/2023/dsa-5508
https://www.debian.org/security/2023/dsa-5509
https://www.debian.org/security/2023/dsa-5510
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.openwall.com/lists/oss-security/2023/09/28/5

History

Thu, 03 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados
CPEs	cpe:2.3:o:apple:ipad_os:::::::: cpe:2.3:o:apple:ipad_os:16.7:::::::*	cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:ipados:16.7:::::::*
Vendors & Products	Apple ipad Os	Apple ipados

Mon, 03 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-10-02'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 20 Dec 2024 19:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox_esr:::::::: cpe:2.3:a:mozilla:firefox_focus::::::android::*	cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products	Mozilla firefox Esr Mozilla firefox Focus

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2023-09-28T15:23:18.340Z

Updated: 2025-02-13T17:20:00.251Z

Reserved: 2023-09-27T01:52:05.679Z

Link: CVE-2023-5217

Vulnrichment

Updated: 2024-08-02T07:52:08.351Z

NVD

Status : Analyzed

Published: 2023-09-28T16:15:10.980

Modified: 2025-04-03T18:55:36.100

Link: CVE-2023-5217

Redhat

Severity : Important

Publid Date: 2023-09-27T00:00:00Z

Links: CVE-2023-5217 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5217", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2023-09-27T01:52:05.679Z", "datePublished": "2023-09-28T15:23:18.340Z", "dateUpdated": "2025-02-13T17:20:00.251Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "117.0.5938.132", "status": "affected", "lessThan": "117.0.5938.132", "versionType": "custom"}]}, {"vendor": "Google", "product": "libvpx", "versions": [{"version": "1.13.1", "status": "affected", "lessThan": "1.13.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap buffer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2024-01-31T17:08:56.596Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"}, {"url": "https://crbug.com/1486441"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/9"}, {"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2023-5217"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191"}, {"url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"}, {"url": "https://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"url": "https://pastebin.com/TdkC4pDv"}, {"url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"}, {"url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"}, {"url": "https://github.com/webmproject/libvpx/tags"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/11"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/12"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/14"}, {"url": "https://www.debian.org/security/2023/dsa-5510"}, {"url": "https://www.debian.org/security/2023/dsa-5509"}, {"url": "https://www.debian.org/security/2023/dsa-5508"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/1"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"}, {"url": "https://twitter.com/maddiestone/status/1707163313711497266"}, {"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"}, {"url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/3"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/5"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/11"}, {"url": "https://security.gentoo.org/glsa/202310-04"}, {"url": "https://support.apple.com/kb/HT213961"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/12"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"}, {"url": "https://support.apple.com/kb/HT213972"}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/16"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"}, {"url": "https://security.gentoo.org/glsa/202401-34"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.351Z"}, "title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1486441", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "tags": ["x_transferred"]}, {"url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/TdkC4pDv", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/tags", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5510", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5509", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5508", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "tags": ["x_transferred"]}, {"url": "https://twitter.com/maddiestone/status/1707163313711497266", "tags": ["x_transferred"]}, {"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202310-04", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213961", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/12", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213972", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/16", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-34", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-5217", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-11-15T16:38:17.360361Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-10-02", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-5217"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T14:09:33.302Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1486441", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "tags": ["x_transferred"]}, {"url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/TdkC4pDv", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/tags", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5510", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5509", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5508", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "tags": ["x_transferred"]}, {"url": "https://twitter.com/maddiestone/status/1707163313711497266", "tags": ["x_transferred"]}, {"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "tags": ["x_transferred"]}, {"url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202310-04", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213961", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/12", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213972", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/16", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-34", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.351Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-5217", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-11-15T16:38:17.360361Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-10-02", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-5217"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T14:03:12.332Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "117.0.5938.132", "lessThan": "117.0.5938.132", "versionType": "custom"}]}, {"vendor": "Google", "product": "libvpx", "versions": [{"status": "affected", "version": "1.13.1", "lessThan": "1.13.1", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"}, {"url": "https://crbug.com/1486441"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/28/6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/9"}, {"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2023-5217"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191"}, {"url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"}, {"url": "https://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"url": "https://pastebin.com/TdkC4pDv"}, {"url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"}, {"url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"}, {"url": "https://github.com/webmproject/libvpx/tags"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/11"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/12"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/29/14"}, {"url": "https://www.debian.org/security/2023/dsa-5510"}, {"url": "https://www.debian.org/security/2023/dsa-5509"}, {"url": "https://www.debian.org/security/2023/dsa-5508"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/1"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"}, {"url": "https://twitter.com/maddiestone/status/1707163313711497266"}, {"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"}, {"url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/3"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/30/5"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/1"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/03/11"}, {"url": "https://security.gentoo.org/glsa/202310-04"}, {"url": "https://support.apple.com/kb/HT213961"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/12"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"}, {"url": "https://support.apple.com/kb/HT213972"}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/16"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"}, {"url": "https://security.gentoo.org/glsa/202401-34"}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap buffer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2023-09-28T17:20:53.866Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5217", "state": "PUBLISHED", "dateUpdated": "2025-02-03T14:09:33.302Z", "dateReserved": "2023-09-27T01:52:05.679Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2023-09-28T15:23:18.340Z", "assignerShortName": "Chrome"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-10-23", "cisaExploitAdd": "2023-10-02", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Google Chromium libvpx Heap Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*", "matchCriteriaId": "385F58CC-4AA0-4C41-9394-C9481586689E", "versionEndExcluding": "1.13.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:116.0.1938.98:*:*:*:*:*:*:*", "matchCriteriaId": "83749E8D-D4EC-4C5E-B031-8DD4C5C3AA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:edge:117.0.2045.47:*:*:*:*:*:*:*", "matchCriteriaId": "39F5AB10-A20E-4B12-863D-9335A6344130", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:edge_chromium:116.0.5845.229:*:*:*:*:*:*:*", "matchCriteriaId": "494B17DA-B40E-4B79-925D-2F439C7A4BCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:edge_chromium:117.0.5938.132:*:*:*:*:*:*:*", "matchCriteriaId": "0A1735C0-78BF-4B9C-9EC6-64471C609046", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "93B700CD-4D4C-4D92-B105-9B02E21246BB", "versionEndExcluding": "115.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "B6BEA417-5012-4315-AFF2-20BBF931A550", "versionEndExcluding": "118.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "matchCriteriaId": "C0246068-275F-4D13-93B9-44AD91D2EFFB", "versionEndExcluding": "118.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C287FD41-1668-4BA8-9BF5-7C56420F6F38", "versionEndExcluding": "115.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "5383A8BF-7AD6-4D5A-9B57-DE1BC2C59E09", "versionEndExcluding": "17.0.3", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:16.7:*:*:*:*:*:*:*", "matchCriteriaId": "A377B7C9-A339-49A9-9C96-A6F5F738B40C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1D28032-F9E6-45E7-98B6-7CE2351C4C99", "versionEndExcluding": "17.0.3", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", "matchCriteriaId": "EF582B55-1D2F-4F53-9F3D-DB52F211B600", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F840D02-4766-4644-8FD6-637E945E88FB", "versionEndExcluding": "117.0.5938.132", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "El desbordamiento del b\u00fafer en la codificaci\u00f3n vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"}], "id": "CVE-2023-5217", "lastModified": "2025-04-03T18:55:36.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-28T16:15:10.980", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Oct/12"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Oct/16"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191"}, {"source": "chrome-cve-admin@google.com", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://crbug.com/1486441"}, {"source": "chrome-cve-admin@google.com", "tags": ["Patch"], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"}, {"source": "chrome-cve-admin@google.com", "tags": ["Patch"], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"}, {"source": "chrome-cve-admin@google.com", "tags": ["Release Notes"], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Product"], "url": "https://github.com/webmproject/libvpx/tags"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Not Applicable"], "url": "https://pastebin.com/TdkC4pDv"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-04"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-34"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213961"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213972"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://twitter.com/maddiestone/status/1707163313711497266"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5508"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5509"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5510"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Oct/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Oct/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://crbug.com/1486441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/webmproject/libvpx/tags"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://pastebin.com/TdkC4pDv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://twitter.com/maddiestone/status/1707163313711497266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.debian.org/security/2023/dsa-5510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5475", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:115.3.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5477", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:115.3.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5428", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:115.3.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5433", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:115.3.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5537", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libvpx-0:1.7.0-10.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5438", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:115.3.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5440", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:115.3.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5535", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "libvpx-0:1.7.0-8.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5426", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5432", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5534", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libvpx-0:1.7.0-8.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5426", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5432", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5534", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "libvpx-0:1.7.0-8.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5426", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5432", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:115.3.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5534", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "libvpx-0:1.7.0-8.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5429", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5437", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5536", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libvpx-0:1.7.0-10.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5429", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5437", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5536", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libvpx-0:1.7.0-10.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5429", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5437", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:115.3.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5536", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libvpx-0:1.7.0-10.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5430", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:115.3.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5436", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:115.3.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5538", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "libvpx-0:1.7.0-10.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5434", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:115.3.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5435", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:115.3.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5539", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libvpx-0:1.9.0-7.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5427", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:115.3.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5439", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:115.3.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-04T00:00:00Z"}, {"advisory": "RHSA-2023:5540", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "libvpx-0:1.9.0-7.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-09T00:00:00Z"}], "bugzilla": {"description": "libvpx: Heap buffer overflow in vp8 encoding in libvpx", "id": "2241191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-5217", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libvpx", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libvpx", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5217\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5217\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-44/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\nCustomers using this application, which does server-side video codecs by linking to the libvpx library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object