FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libwebp heap buffer overflow

Affected packages
tor-browser < 12.5.3


VuXML ID 58a738d4-57af-11ee-8c58-b42e991fc52e
Discovery 2023-09-12
Entry 2023-09-20 reports:

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) The Tor browser is based on Firefox and GeckoView and uses also libwep so it is affected by this bug.


CVE Name CVE-2023-4863