Google Chrome <116.0.5845.187 - Buffer Overflow
Exploitation Summary
CVE-2023-4863 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 13, 2023. EIP tracks 14 public exploits from researchers including mistymntncop, LiveOverflow, caoweiquan322.
Description
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Exploits (14)
This repository contains a functional proof-of-concept for CVE-2023-4863, a heap buffer overflow vulnerability in libwebp. The code demonstrates the exploitation of the vulnerability by crafting a malicious WebP image file, leveraging insights from Ben Hawkes' research on code_lengths.
This repository provides a detailed technical analysis and fuzzing setup for CVE-2023-4863, a heap buffer overflow vulnerability in libwebp. It includes Docker configurations, fuzzing scripts, and instrumentation patches for AFL++ to reproduce and analyze the vulnerability.
This repository contains a functional tool to generate malformed Huffman tables that trigger an out-of-bounds write in libwebp versions <= 1.3.1 (CVE-2023-4863). The tool calculates incomplete Huffman trees to overflow pre-allocated memory, demonstrating the vulnerability.
This repository provides a scanner tool to detect the presence of vulnerable libwebp versions (0.5.0 to 1.3.1) affected by CVE-2023-4863. It identifies vulnerable components by matching specific function names in binary files, jar packages, and rpm packages.
This repository contains a functional proof-of-concept exploit for CVE-2023-4863, a heap buffer overflow vulnerability in libwebp. The exploit code includes a crafted WebP file generator that triggers the vulnerability, along with detailed instructions for building and testing the exploit against a vulnerable version of libwebp.
This PowerShell script scans for Electron applications vulnerable to CVE-2023-4863 / CVE-2023-5129 by extracting version strings from executables and comparing them against known patched versions. It does not exploit the vulnerability but identifies potentially vulnerable installations.
This PowerShell script scans an executable to determine if it uses a vulnerable version of Electron affected by CVE-2023-4863 by leveraging Sysinternals' Strings tool. It checks for the presence of Electron version strings and flags versions older than 26 as vulnerable.
This repository appears to be a legitimate technical analysis and development environment for CVE-2023-4863, a heap buffer overflow vulnerability in libwebp. It includes documentation, build scripts, and example code but does not contain a direct exploit PoC.
The repository contains only a minimal README with no exploit code, technical details, or meaningful content related to CVE-2023-4863. It appears to be a placeholder or stub.
This repository provides a detailed technical analysis of CVE-2023-4863, including a conceptual PoC for generating anomalous WebP files, defensive tools for detecting such anomalies, and comprehensive documentation. It focuses on educational and detection aspects rather than a functional exploit.
The repository contains only a minimal README with a brief mention of CVE-2023-4863 and libwebp, but no actual exploit code, technical details, or proof-of-concept implementation.
This repository provides a Docker-based lab environment to demonstrate CVE-2023-4863, a heap buffer overflow in libwebp. It includes vulnerable and patched environments, an attacker container serving a crafted exploit, and automated demonstrations of the crash and mitigation.
This repository contains detailed technical documentation and workflows related to CVE-2023-4863, focusing on validation, reproduction, and sanitization processes. It includes extensive decision logs, operating procedures, and CI/CD pipelines but lacks direct exploit code.
This repository contains a functional exploit PoC for CVE-2023-4863, a heap buffer overflow vulnerability in WebP image processing. The script generates a malformed WebP file that triggers an out-of-bounds write, allowing arbitrary memory corruption.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H