CVE-2023-4863 - Heap overflow in Chrome/libwebp
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-23-381
Final
1
1
2025-01-14T00:00:00
Current version
2025-01-14T00:00:00
2025-01-14T00:00:00
Fortinet Product Security team has evaluated the impact of the vulnerablity affecting Google Chrome library listed below:CVE-2023-4863: severity HIGHHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.https://nvd.nist.gov/vuln/detail/CVE-2023-4863FortiClient and FortiClientEMS applications have embedded Chrome browser (for SAML authentication and administrative console application.)FortiSOAR is using Chrome to render reports on the backend.Libwepb is the library which renders ".webp" images into chrome browser.When a malicious image is displayed in chrome (with data overflow), program execution might be modified by the attacker. The attacker will need to escape google chrome sandboxing environment to perform additional damages.
None
Execute unauthorized code or commands
FortiSOAR on-premise 7.6 all versions are not affectedFortiSOAR on-premise 7.5 all versions are not affectedFortiSOAR on-premise version 7.4.0FortiSOAR on-premise version 7.3.0 through 7.3.1FortiSOAR on-premise version 7.2.0 through 7.2.1FortiSOAR on-premise 7.0 all versionsFortiSOAR on-premise 6.4 all versionsFortiClientWindows 7.4 all versions are not affectedFortiClientWindows version 7.2.0 through 7.2.2FortiClientWindows version 7.0.0 through 7.0.10FortiClientWindows 6.4 all versionsFortiClientMac 7.4 all versions are not affectedFortiClientMac version 7.2.0 through 7.2.4FortiClientMac 7.0 all versionsFortiClientMac 6.4 all versionsFortiClientLinux 7.4 all versions are not affectedFortiClientLinux version 7.2.0 through 7.2.4FortiClientLinux 7.0 all versionsFortiClientLinux 6.4 all versionsFortiClientEMS 7.4 all versions are not affectedFortiClientEMS version 7.2.0 through 7.2.1FortiClientEMS version 7.0.0 through 7.0.10FortiClientEMS 6.4 all versions
Please upgrade to FortiClientWindows version 7.2.3 or abovePlease upgrade to FortiClientWindows version 7.0.10 or abovePlease upgrade to FortiClientLinux version 7.4.0 or abovePlease upgrade to FortiClientLinux version 7.2.5 or abovePlease upgrade to FortiClientMac version 7.4.0 or abovePlease upgrade to FortiClientMac version 7.2.5 or abovePlease upgrade to FortiClientEMS version 7.2.2 or abovePlease upgrade to FortiClientEMS version 7.0.10 or abovePlease upgrade to FortiSOAR version 7.4.1 Security Patch 3 or above Please upgrade to FortiSOAR version 7.3.2 Security Patch 4 or abovePlease upgrade to FortiSOAR version 7.2.2 Security Patch 9 or above
https://fortiguard.fortinet.com/psirt/FG-IR-23-381
CVE-2023-4863 - Heap overflow in Chrome/libwebp
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-4863
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-4863
[2] https://www.wiz.io/blog/cve-2023-4863-and-cve-2023-5217-exploited-in-the-wild
[2] https://www.wiz.io/blog/cve-2023-4863-and-cve-2023-5217-exploited-in-the-wild
FortiClientEMS 7.2.1
FortiClientEMS 7.2.0
FortiClientEMS 7.0.10
FortiClientEMS 7.0.9
FortiClientEMS 7.0.8
FortiClientEMS 7.0.7
FortiClientEMS 7.0.6
FortiClientEMS 7.0.5
FortiClientEMS 7.0.4
FortiClientEMS 7.0.3
FortiClientEMS 7.0.2
FortiClientEMS 7.0.1
FortiClientEMS 7.0.0
FortiClientEMS 6.4.9
FortiClientEMS 6.4.8
FortiClientEMS 6.4.7
FortiClientEMS 6.4.4
FortiClientEMS 6.4.3
FortiClientEMS 6.4.2
FortiClientEMS 6.4.1
FortiClientEMS 6.4.0
FortiClientLinux 7.2.4
FortiClientLinux 7.2.3
FortiClientLinux 7.2.2
FortiClientLinux 7.2.1
FortiClientLinux 7.2.0
FortiClientLinux 7.0.13
FortiClientLinux 7.0.12
FortiClientLinux 7.0.11
FortiClientLinux 7.0.10
FortiClientLinux 7.0.9
FortiClientLinux 7.0.8
FortiClientLinux 7.0.7
FortiClientLinux 7.0.6
FortiClientLinux 7.0.5
FortiClientLinux 7.0.4
FortiClientLinux 7.0.3
FortiClientLinux 7.0.2
FortiClientLinux 7.0.1
FortiClientLinux 7.0.0
FortiClientLinux 6.4.9
FortiClientLinux 6.4.8
FortiClientLinux 6.4.7
FortiClientLinux 6.4.4
FortiClientLinux 6.4.3
FortiClientLinux 6.4.2
FortiClientLinux 6.4.1
FortiClientLinux 6.4.0
FortiClientMac 7.2.4
FortiClientMac 7.2.3
FortiClientMac 7.2.2
FortiClientMac 7.2.1
FortiClientMac 7.2.0
FortiClientMac 7.0.14
FortiClientMac 7.0.13
FortiClientMac 7.0.12
FortiClientMac 7.0.11
FortiClientMac 7.0.10
FortiClientMac 7.0.9
FortiClientMac 7.0.8
FortiClientMac 7.0.7
FortiClientMac 7.0.6
FortiClientMac 7.0.5
FortiClientMac 7.0.4
FortiClientMac 7.0.3
FortiClientMac 7.0.2
FortiClientMac 7.0.1
FortiClientMac 7.0.0
FortiClientMac 6.4.10
FortiClientMac 6.4.9
FortiClientMac 6.4.8
FortiClientMac 6.4.7
FortiClientMac 6.4.6
FortiClientMac 6.4.5
FortiClientMac 6.4.4
FortiClientMac 6.4.3
FortiClientMac 6.4.2
FortiClientMac 6.4.1
FortiClientMac 6.4.0
FortiClientWindows 7.2.2
FortiClientWindows 7.2.1
FortiClientWindows 7.2.0
FortiClientWindows 7.0.10
FortiClientWindows 7.0.9
FortiClientWindows 7.0.8
FortiClientWindows 7.0.7
FortiClientWindows 7.0.6
FortiClientWindows 7.0.5
FortiClientWindows 7.0.4
FortiClientWindows 7.0.3
FortiClientWindows 7.0.2
FortiClientWindows 7.0.1
FortiClientWindows 7.0.0
FortiClientWindows 6.4.10
FortiClientWindows 6.4.9
FortiClientWindows 6.4.8
FortiClientWindows 6.4.7
FortiClientWindows 6.4.6
FortiClientWindows 6.4.5
FortiClientWindows 6.4.4
FortiClientWindows 6.4.3
FortiClientWindows 6.4.2
FortiClientWindows 6.4.1
FortiClientWindows 6.4.0
FortiSOAR on-premise 7.4.0
FortiSOAR on-premise 7.3.1
FortiSOAR on-premise 7.3.0
FortiSOAR on-premise 7.2.1
FortiSOAR on-premise 7.2.0
FortiSOAR on-premise 7.0.3
FortiSOAR on-premise 7.0.2
FortiSOAR on-premise 7.0.1
FortiSOAR on-premise 7.0.0
FortiSOAR on-premise 6.4.4
FortiSOAR on-premise 6.4.3
FortiSOAR on-premise 6.4.1
FortiSOAR on-premise 6.4.0
CVE-2023-4863 - Heap overflow in Chrome/libwebp
CVE-2023-4863
FortiClientEMS-7.2.1
FortiClientEMS-7.2.0
FortiClientEMS-7.0.10
FortiClientEMS-7.0.9
FortiClientEMS-7.0.8
FortiClientEMS-7.0.7
FortiClientEMS-7.0.6
FortiClientEMS-7.0.5
FortiClientEMS-7.0.4
FortiClientEMS-7.0.3
FortiClientEMS-7.0.2
FortiClientEMS-7.0.1
FortiClientEMS-7.0.0
FortiClientEMS-6.4.9
FortiClientEMS-6.4.8
FortiClientEMS-6.4.7
FortiClientEMS-6.4.4
FortiClientEMS-6.4.3
FortiClientEMS-6.4.2
FortiClientEMS-6.4.1
FortiClientEMS-6.4.0
FortiClientLinux-7.2.4
FortiClientLinux-7.2.3
FortiClientLinux-7.2.2
FortiClientLinux-7.2.1
FortiClientLinux-7.2.0
FortiClientLinux-7.0.13
FortiClientLinux-7.0.12
FortiClientLinux-7.0.11
FortiClientLinux-7.0.10
FortiClientLinux-7.0.9
FortiClientLinux-7.0.8
FortiClientLinux-7.0.7
FortiClientLinux-7.0.6
FortiClientLinux-7.0.5
FortiClientLinux-7.0.4
FortiClientLinux-7.0.3
FortiClientLinux-7.0.2
FortiClientLinux-7.0.1
FortiClientLinux-7.0.0
FortiClientLinux-6.4.9
FortiClientLinux-6.4.8
FortiClientLinux-6.4.7
FortiClientLinux-6.4.4
FortiClientLinux-6.4.3
FortiClientLinux-6.4.2
FortiClientLinux-6.4.1
FortiClientLinux-6.4.0
FortiClientMac-7.2.4
FortiClientMac-7.2.3
FortiClientMac-7.2.2
FortiClientMac-7.2.1
FortiClientMac-7.2.0
FortiClientMac-7.0.14
FortiClientMac-7.0.13
FortiClientMac-7.0.12
FortiClientMac-7.0.11
FortiClientMac-7.0.10
FortiClientMac-7.0.9
FortiClientMac-7.0.8
FortiClientMac-7.0.7
FortiClientMac-7.0.6
FortiClientMac-7.0.5
FortiClientMac-7.0.4
FortiClientMac-7.0.3
FortiClientMac-7.0.2
FortiClientMac-7.0.1
FortiClientMac-7.0.0
FortiClientMac-6.4.10
FortiClientMac-6.4.9
FortiClientMac-6.4.8
FortiClientMac-6.4.7
FortiClientMac-6.4.6
FortiClientMac-6.4.5
FortiClientMac-6.4.4
FortiClientMac-6.4.3
FortiClientMac-6.4.2
FortiClientMac-6.4.1
FortiClientMac-6.4.0
FortiClientWindows-7.2.2
FortiClientWindows-7.2.1
FortiClientWindows-7.2.0
FortiClientWindows-7.0.10
FortiClientWindows-7.0.9
FortiClientWindows-7.0.8
FortiClientWindows-7.0.7
FortiClientWindows-7.0.6
FortiClientWindows-7.0.5
FortiClientWindows-7.0.4
FortiClientWindows-7.0.3
FortiClientWindows-7.0.2
FortiClientWindows-7.0.1
FortiClientWindows-7.0.0
FortiClientWindows-6.4.10
FortiClientWindows-6.4.9
FortiClientWindows-6.4.8
FortiClientWindows-6.4.7
FortiClientWindows-6.4.6
FortiClientWindows-6.4.5
FortiClientWindows-6.4.4
FortiClientWindows-6.4.3
FortiClientWindows-6.4.2
FortiClientWindows-6.4.1
FortiClientWindows-6.4.0
FortiSOAR on-premise-7.4.0
FortiSOAR on-premise-7.3.1
FortiSOAR on-premise-7.3.0
FortiSOAR on-premise-7.2.1
FortiSOAR on-premise-7.2.0
FortiSOAR on-premise-7.0.3
FortiSOAR on-premise-7.0.2
FortiSOAR on-premise-7.0.1
FortiSOAR on-premise-7.0.0
FortiSOAR on-premise-6.4.4
FortiSOAR on-premise-6.4.3
FortiSOAR on-premise-6.4.1
FortiSOAR on-premise-6.4.0
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-23-381
CVE-2023-4863 - Heap overflow in Chrome/libwebp
Reference>
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-4863
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-4863
[2] https://www.wiz.io/blog/cve-2023-4863-and-cve-2023-5217-exploited-in-the-wild
[2] https://www.wiz.io/blog/cve-2023-4863-and-cve-2023-5217-exploited-in-the-wild