CVE-2023-5217

HIGH KEV

libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-5217 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 2, 2023. EIP tracks 4 public exploits from researchers including UT-Security, Trinadh465.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2023-5217, a heap buffer overflow in libvpx VP8 encoding. The exploit leverages the WebCodecs and MediaRecorder APIs to trigger the vulnerability in browsers, allowing controlled heap overflows.

Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (4)

nomisec WORKING POC 17 stars
by UT-Security · client-side
https://github.com/UT-Security/cve-2023-5217-poc

This repository contains a proof-of-concept for CVE-2023-5217, a heap buffer overflow in libvpx VP8 encoding. The exploit leverages the WebCodecs and MediaRecorder APIs to trigger the vulnerability in browsers, allowing controlled heap overflows.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: libvpx v1.13.0 (used in Chrome and other browsers)
No auth needed
Prerequisites: Browser with WebCodecs and MediaRecorder APIs · libvpx v1.13.0 with VP8 encoding enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by Trinadh465 · poc
https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217

The repository appears to be a partial or incomplete snapshot of the libvpx library (version 1.4.0) with no explicit exploit code for CVE-2023-5217. The provided files are primarily build scripts, examples, and utility code, lacking a clear PoC or exploit implementation.

Classification
Stub 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: libvpx v1.4.0
No auth needed
Prerequisites: Access to vulnerable libvpx version · Custom exploit development
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by Trinadh465 · poc
https://github.com/Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217

The repository appears to be a partial or incomplete snapshot of the libvpx library (version 1.8.0) with a README and a single source file (args.c). No exploit code or proof-of-concept for CVE-2023-5217 is present in the provided files.

Classification
Stub 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: libvpx v1.8.0
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/wrv/cve-2023-5217-poc

This repository contains a functional PoC for CVE-2023-5217, a heap buffer overflow in libvpx VP8 encoding. The exploit leverages WebCodecs and MediaRecorder APIs to trigger the vulnerability by manipulating frame dimensions and thread counts.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: libvpx v1.13.0 (VP8 encoding)
No auth needed
Prerequisites: Browser with WebCodecs and MediaRecorder APIs · libvpx v1.13.0
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (53)

Core 53
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/12
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/16
Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/28/5
Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/28/6
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/1
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/2
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/7
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/9
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/1
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/2
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/3
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/4
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/5
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/01/1
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/01/2
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/01/5
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/02/6
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2241191
Exploit, Issue Tracking
https://crbug.com/1486441

Scores

CVSS v3 8.8
EPSS 0.0498
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2023-10-02
VulnCheck KEV 2023-09-25
InTheWild.io 2023-09-25
ENISA EUVD EUVD-2023-2578
CWE
CWE-787
Status published
Products (22)
apple/ipados 16.7
apple/ipados 17.0 - 17.0.3
apple/iphone_os 16.7
apple/iphone_os 17.0 - 17.0.3
debian/debian_linux 10.0
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
... and 12 more
Published Sep 28, 2023
KEV Added Oct 02, 2023
Tracked Since Feb 18, 2026