Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1

CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

Permalink: https://github.com/advisories/GHSA-j646-gj5p-p45g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 7 months ago
Updated: 7 months ago

Identifiers: GHSA-j646-gj5p-p45g
References:

Repository: https://github.com/cefsharp/CefSharp
Blast Radius: 1.0

Affected Packages

nuget:CefSharp.Common.NETCore

Dependent packages: 0
Dependent repositories: 0
Downloads: 788,340 total
Affected Version Ranges: < 116.0.230
Fixed in: 116.0.230
All affected versions: 87.1.132, 88.2.90, 89.0.170, 90.6.50, 90.6.70, 91.1.160, 91.1.210, 91.1.211, 91.1.230, 92.0.251, 92.0.260, 93.1.111, 93.1.140, 94.4.20, 94.4.50, 94.4.110, 95.7.141, 96.0.141, 96.0.142, 96.0.170, 96.0.180, 97.1.11, 97.1.12, 97.1.60, 97.1.61, 98.1.190, 98.1.210, 99.2.90, 99.2.120, 99.2.140, 100.0.140, 100.0.230, 101.0.150, 101.0.180, 102.0.90, 102.0.100, 103.0.80, 103.0.90, 103.0.120, 104.4.180, 104.4.240, 105.3.330, 105.3.390, 106.0.260, 106.0.290, 107.1.40, 107.1.50, 107.1.90, 107.1.120, 108.4.130, 109.1.110, 110.0.250, 110.0.280, 110.0.300, 111.2.20, 111.2.70, 112.2.70, 112.3.0, 113.1.40, 113.3.50, 114.2.100, 114.2.120, 115.3.110, 115.3.130, 116.0.130, 116.0.150, 116.0.190
All unaffected versions: 116.0.230, 117.2.20, 117.2.40, 118.6.80, 119.1.20, 119.4.30, 120.1.80, 120.1.110, 120.2.50, 120.2.70, 121.3.70, 121.3.130, 122.1.120, 123.0.60

nuget:CefSharp.Common

Dependent packages: 0
Dependent repositories: 0
Downloads: 6,977,083 total
Affected Version Ranges: < 116.0.230
Fixed in: 116.0.230
All affected versions: 33.0.0, 33.0.2, 37.0.0, 37.0.1, 37.0.2, 37.0.3, 39.0.0, 39.0.1, 39.0.2, 41.0.0, 41.0.1, 43.0.0, 43.0.1, 45.0.0, 47.0.0, 47.0.1, 47.0.2, 47.0.3, 47.0.4, 49.0.0, 49.0.1, 51.0.0, 53.0.0, 53.0.1, 55.0.0, 57.0.0, 63.0.0, 63.0.1, 63.0.2, 63.0.3, 65.0.0, 65.0.1, 67.0.0, 69.0.0, 71.0.0, 71.0.1, 71.0.2, 73.1.130, 75.1.141, 75.1.142, 75.1.143, 79.1.350, 79.1.360, 81.3.100, 83.4.20, 84.4.10, 85.3.121, 85.3.130, 86.0.241, 87.1.132, 88.2.90, 89.0.170, 90.6.50, 90.6.70, 91.1.160, 91.1.210, 91.1.211, 91.1.230, 92.0.251, 92.0.260, 93.1.111, 93.1.140, 94.4.20, 94.4.50, 94.4.110, 95.7.141, 96.0.141, 96.0.142, 96.0.170, 96.0.180, 97.1.11, 97.1.12, 97.1.60, 97.1.61, 98.1.190, 98.1.210, 99.2.90, 99.2.120, 99.2.140, 100.0.140, 100.0.230, 101.0.150, 101.0.180, 102.0.90, 102.0.100, 103.0.80, 103.0.90, 103.0.120, 104.4.180, 104.4.240, 105.3.330, 105.3.390, 106.0.260, 106.0.290, 107.1.40, 107.1.50, 107.1.90, 107.1.120, 108.4.130, 109.1.110, 110.0.250, 110.0.280, 110.0.300, 111.2.20, 111.2.70, 112.2.70, 112.3.0, 113.1.40, 113.3.50, 114.2.100, 114.2.120, 115.3.110, 115.3.130, 116.0.130, 116.0.150, 116.0.190
All unaffected versions: 116.0.230, 117.2.20, 117.2.40, 118.6.80, 119.1.20, 119.4.30, 120.1.80, 120.1.110, 120.2.50, 120.2.70, 121.3.70, 121.3.130, 122.1.120, 123.0.60