Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00YzI5LWdmcnAtZzZ4Oc4AA2QO
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
Google is aware that an exploit for CVE-2023-5217 exists in the wild.
Description
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
Permalink: https://github.com/advisories/GHSA-4c29-gfrp-g6x9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00YzI5LWdmcnAtZzZ4Oc4AA2QO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-4c29-gfrp-g6x9
References:
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-4c29-gfrp-g6x9
- https://github.com/cefsharp/CefSharp/commit/45e66f7c0f9094f2fd81ab57b37a9ed9576b51b8
- https://github.com/advisories/GHSA-4c29-gfrp-g6x9
Blast Radius: 1.0
Affected Packages
nuget:CefSharp.Common.NETCore
Dependent packages: 18
Dependent repositories: 0
Downloads: 1,116,846 total
Affected Version Ranges: < 117.2.20
Fixed in: 117.2.20
All affected versions: 87.1.132, 88.2.90, 89.0.170, 90.6.50, 90.6.70, 91.1.160, 91.1.210, 91.1.211, 91.1.230, 92.0.251, 92.0.260, 93.1.111, 93.1.140, 94.4.20, 94.4.50, 94.4.110, 95.7.141, 96.0.141, 96.0.142, 96.0.170, 96.0.180, 97.1.11, 97.1.12, 97.1.60, 97.1.61, 98.1.190, 98.1.210, 99.2.90, 99.2.120, 99.2.140, 100.0.140, 100.0.230, 101.0.150, 101.0.180, 102.0.90, 102.0.100, 103.0.80, 103.0.90, 103.0.120, 104.4.180, 104.4.240, 105.3.330, 105.3.390, 106.0.260, 106.0.290, 107.1.40, 107.1.50, 107.1.90, 107.1.120, 108.4.130, 109.1.110, 110.0.250, 110.0.280, 110.0.300, 111.2.20, 111.2.70, 112.2.70, 112.3.0, 113.1.40, 113.3.50, 114.2.100, 114.2.120, 115.3.110, 115.3.130, 116.0.130, 116.0.150, 116.0.190, 116.0.230
All unaffected versions: 117.2.20, 117.2.40, 118.6.80, 119.1.20, 119.4.30, 120.1.80, 120.1.110, 120.2.50, 120.2.70, 121.3.70, 121.3.130, 122.1.120, 123.0.60, 124.3.20, 124.3.50, 124.3.80, 125.0.210, 126.2.70, 126.2.180, 127.3.50, 128.4.90, 129.0.110, 130.1.90
nuget:CefSharp.Common
Dependent packages: 27
Dependent repositories: 0
Downloads: 7,790,968 total
Affected Version Ranges: < 117.2.20
Fixed in: 117.2.20
All affected versions: 33.0.0, 33.0.2, 37.0.0, 37.0.1, 37.0.2, 37.0.3, 39.0.0, 39.0.1, 39.0.2, 41.0.0, 41.0.1, 43.0.0, 43.0.1, 45.0.0, 47.0.0, 47.0.1, 47.0.2, 47.0.3, 47.0.4, 49.0.0, 49.0.1, 51.0.0, 53.0.0, 53.0.1, 55.0.0, 57.0.0, 63.0.0, 63.0.1, 63.0.2, 63.0.3, 65.0.0, 65.0.1, 67.0.0, 69.0.0, 71.0.0, 71.0.1, 71.0.2, 73.1.130, 75.1.141, 75.1.142, 75.1.143, 79.1.350, 79.1.360, 81.3.100, 83.4.20, 84.4.10, 85.3.121, 85.3.130, 86.0.241, 87.1.132, 88.2.90, 89.0.170, 90.6.50, 90.6.70, 91.1.160, 91.1.210, 91.1.211, 91.1.230, 92.0.251, 92.0.260, 93.1.111, 93.1.140, 94.4.20, 94.4.50, 94.4.110, 95.7.141, 96.0.141, 96.0.142, 96.0.170, 96.0.180, 97.1.11, 97.1.12, 97.1.60, 97.1.61, 98.1.190, 98.1.210, 99.2.90, 99.2.120, 99.2.140, 100.0.140, 100.0.230, 101.0.150, 101.0.180, 102.0.90, 102.0.100, 103.0.80, 103.0.90, 103.0.120, 104.4.180, 104.4.240, 105.3.330, 105.3.390, 106.0.260, 106.0.290, 107.1.40, 107.1.50, 107.1.90, 107.1.120, 108.4.130, 109.1.110, 110.0.250, 110.0.280, 110.0.300, 111.2.20, 111.2.70, 112.2.70, 112.3.0, 113.1.40, 113.3.50, 114.2.100, 114.2.120, 115.3.110, 115.3.130, 116.0.130, 116.0.150, 116.0.190, 116.0.230
All unaffected versions: 117.2.20, 117.2.40, 118.6.80, 119.1.20, 119.4.30, 120.1.80, 120.1.110, 120.2.50, 120.2.70, 121.3.70, 121.3.130, 122.1.120, 123.0.60, 124.3.20, 124.3.50, 124.3.80, 125.0.210, 126.2.70, 126.2.180, 127.3.50, 128.4.90, 129.0.110, 130.1.90