Cyber Resilience

CVE-2023-4863

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 12 September 2023

Modified: 24 October 2025
KEV Added: 13 September 2023
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9330 (99.8th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4863 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in libwebp; affected products include Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2023-4863 is a heap buffer overflow in the libwebp library, present in Google Chrome versions prior to 116.0.5845.187 and in libwebp releases before 1.3.2. It is tracked as CWE-787 and has a CVSS 3.1 score of 8.8 (High; Chromium rates its security severity Critical), reflecting a network attack vector, low complexity, no required privileges, and required user interaction.

An unauthenticated remote attacker can exploit the flaw by delivering a crafted HTML page that triggers an out-of-bounds memory write during WebP image processing. Successful exploitation can result in arbitrary code execution or full compromise of the confidentiality, integrity, and availability of the target system.

References on the OpenWall OSS-security mailing lists document the issue and point to the availability of fixes in the noted Chrome and libwebp releases. The associated EPSS score stands at a current value of 0.9330 with a recorded peak of 0.9412.

Vulnerability details

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 13 September 2023

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1189 Drive-by Compromise (Initial Access): Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution (Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
T1566.001 Spearphishing Attachment (Initial Access): Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.

Why these techniques?

Heap buffer overflow in libwebp enables remote code execution via crafted WebP images processed automatically in browsers (e.g., via HTML pages for drive-by compromise and client exploitation) or attachments (e.g., spearphishing as in BLASTPASS/Pegasus).

Affected Assets

google chrome: ≤ 116.0.5845.187
fedoraproject fedora: 37, 38, 39
debian debian linux: 10.0, 11.0, 12.0
mozilla firefox: ≤ 102.15.1 · ≤ 117.0.1 · 115.1.0 — 115.2.1
mozilla thunderbird: ≤ 102.15.1 · 115.0 — 115.2.2
microsoft edge chromium: ≤ 116.0.1938.81
microsoft teams: ≤ 1.6.00.26463 · ≤ 1.6.00.26474
microsoft webp image extension: ≤ 1.0.62681.0
webmproject libwebp: ≤ 1.3.2
netapp active iq unified manager: all versions
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires timely identification and remediation of software flaws such as the libwebp heap overflow by installing the vendor patches (Chrome 116.0.5845.187+, libwebp 1.3.2+).

Prevent: Employs memory-protection techniques (DEP, ASLR, guard pages) that can block successful exploitation of the out-of-bounds write even if the vulnerable code path is reached.

Prevent: Enforces least functionality by disabling or sandboxing unnecessary image codecs or WebP processing, thereby reducing the attack surface for crafted WebP content.
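
One way to act on the flaw-remediation control above, as an added example that is not part of the original page: a Python check of a software inventory against the fixed releases the page names (Chrome 116.0.5845.187, libwebp 1.3.2). The inventory rows, hostnames and function names are constructed for illustration, and treating a distro revision suffix as a possible backported fix is an assumption of the example.

```python
import re

# Fixed releases as stated on this page for CVE-2023-4863.
FIXED = {"chrome": (116, 0, 5845, 187), "libwebp": (1, 3, 2)}

def parse_version(text):
    """Split '[epoch:]upstream[-revision]' into (upstream tuple, has_revision)."""
    text = text.split(":", 1)[-1]          # drop a package epoch such as '1:'
    upstream, _, revision = text.partition("-")
    numbers = []
    for component in upstream.split("."):
        match = re.match(r"\d+", component)  # '4+dfsg' -> 4, '0~rc1' -> 0
        if not match:
            break
        numbers.append(int(match.group()))
    if not numbers:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(numbers), bool(revision)

def classify(product, version):
    """Return 'patched', 'vulnerable', 'check-distro-advisory' or 'not-tracked'."""
    fixed = FIXED.get(product.lower())
    if fixed is None:
        return "not-tracked"
    found, has_revision = parse_version(version)
    width = max(len(found), len(fixed))    # pad so '1.3' compares as 1.3.0
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    if found >= fixed:
        return "patched"
    # Assumption: distributions may backport the fix without raising the
    # upstream number, so a packaged build needs the distro advisory instead.
    return "check-distro-advisory" if has_revision else "vulnerable"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-01", "chrome", "116.0.5845.179"),
    ("ws-02", "chrome", "116.0.5845.187"),
    ("build-01", "libwebp", "1.3.1"),
    ("srv-01", "libwebp", "1.2.4-3"),
    ("srv-02", "libwebp", "1:1.3.2-1"),
    ("srv-03", "zlib", "1.2.13"),
]

def report(inventory):
    """Attach a status to every inventory row."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print("{:<9} {:<8} {:<18} {}".format(*row))
```
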
