CVE-2023-5217

HIGH KEV

Webmproject Libvpx < 1.13.1 - Out-of-Bounds Write

Title source: rule

Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (4)

nomisec WORKING POC 17 stars
by UT-Security · client-side
https://github.com/UT-Security/cve-2023-5217-poc
nomisec STUB
by Trinadh465 · poc
https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217
nomisec STUB
by Trinadh465 · poc
https://github.com/Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217
inthewild WORKING POC
poc
https://github.com/wrv/cve-2023-5217-poc

References (53)

... and 33 more

Scores

CVSS v3 8.8
EPSS 0.0418
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-10-02
VulnCheck KEV 2023-09-25
InTheWild.io 2023-09-25
ENISA EUVD EUVD-2023-2578
CWE
CWE-787
Status published
Products (22)
apple/ipados 16.7
apple/ipados 17.0 - 17.0.3
apple/iphone_os 16.7
apple/iphone_os 17.0 - 17.0.3
debian/debian_linux 10.0
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
... and 12 more
Published Sep 28, 2023
KEV Added Oct 02, 2023
Tracked Since Feb 18, 2026