Exploitation Summary
CVE-2023-41064 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 11, 2023. EIP tracks 4 public exploits from researchers including ctkqiang, MrR0b0t19, K4Der11000.
AI-analyzed exploit summary This script generates a malformed WebP file designed to trigger a Huffman table overflow in libwebp, leading to a buffer overflow vulnerability. The exploit constructs a RIFF header with a VP8L chunk containing crafted Huffman data to induce out-of-bounds writes.
Description
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Exploits (4)
This script generates a malformed WebP file designed to trigger a Huffman table overflow in libwebp, leading to a buffer overflow vulnerability. The exploit constructs a RIFF header with a VP8L chunk containing crafted Huffman data to induce out-of-bounds writes.
This repository contains a Python script that crafts a malformed WebP file to trigger CVE-2023-41064, a vulnerability in LibWebP. The script generates a WebP file with specific headers and bit manipulation to exploit the vulnerability.
The repository provides setup instructions for a frontend (React) and backend (FastAPI) project but lacks any exploit code or technical details related to CVE-2023-41064. It appears to be a placeholder or incomplete project.
The repository contains a Python script that crafts a malformed WebP file to trigger CVE-2023-41064, a heap buffer overflow vulnerability in LibWebP. The script generates a WebP file with specific headers and bit manipulation to exploit the vulnerability.
References (9)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H