Fluid Attacks Database

Description

libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/chai2010/webp	>=1.1.2 <1.4.0 \|\| >=0 <0.0.0-20250406010349-76805d5a8860 \|\| >=0.0.0 <1.1.2-0.20250406010349-76805d5a8860	1.4.0, 0.0.0-20250406010349-76805d5a8860, 1.1.2-0.20250406010349-76805d5a8860
alpine v3.21	libwebp	=0.1.2-r0 \|\| =0.1.2-r1 \|\| =0.1.3-r0 \|\| =0.1.99-r0 \|\| =0.2.0-r0 \|\| =0.2.1-r0 \|\| =0.3.0-r0 \|\| =0.3.1-r0 \|\| =0.3.1-r1 \|\| =0.4.0-r1 \|\| =0.4.1-r0 \|\| =0.4.2-r0 \|\| =0.4.3-r0 \|\| =0.4.4-r0 \|\| =0.5.0-r0 \|\| =0.5.1-r0 \|\| =0.5.2-r0 \|\| =0.6.0-r0 \|\| =0.6.0-r1 \|\| =0.6.1-r0 \|\| =1.0.0-r0 \|\| =1.0.1-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.1.0-r0 \|\| =1.2.0-r0 \|\| =1.2.0-r1 \|\| =1.2.0-r2 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.0-r2 \|\| =1.3.0-r3 \|\| =1.3.1-r0 \|\| >=0 <1.3.1-r1	1.3.1-r1
nuget	magick.net-q16-hdri-anycpu	>=0 <13.3.0	13.3.0
alpine v3.18	libwebp	=0.1.2-r0 \|\| =0.1.2-r1 \|\| =0.1.3-r0 \|\| =0.1.99-r0 \|\| =0.2.0-r0 \|\| =0.2.1-r0 \|\| =0.3.0-r0 \|\| =0.3.1-r0 \|\| =0.3.1-r1 \|\| =0.4.0-r1 \|\| =0.4.1-r0 \|\| =0.4.2-r0 \|\| =0.4.3-r0 \|\| =0.4.4-r0 \|\| =0.5.0-r0 \|\| =0.5.1-r0 \|\| =0.5.2-r0 \|\| =0.6.0-r0 \|\| =0.6.0-r1 \|\| =0.6.1-r0 \|\| =1.0.0-r0 \|\| =1.0.1-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.1.0-r0 \|\| =1.2.0-r0 \|\| =1.2.0-r1 \|\| =1.2.0-r2 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.0-r2 \|\| =1.3.1-r0 \|\| >=0 <1.3.1-r1	1.3.1-r1
debian 11	chromium	=100.0.4896.127-1 \|\| =100.0.4896.127-1~deb11u1 \|\| =100.0.4896.60-1 \|\| =100.0.4896.60-1~deb11u1 \|\| =100.0.4896.75-1 \|\| =100.0.4896.75-1~deb11u1 \|\| =100.0.4896.88-1 \|\| =100.0.4896.88-1~deb11u1 \|\| =101.0.4951.41-1 \|\| =101.0.4951.41-1~deb11u1 \|\| =101.0.4951.41-2 \|\| =101.0.4951.54-1 \|\| =101.0.4951.64-1 \|\| =101.0.4951.64-1~deb11u1 \|\| =102.0.5005.115-1 \|\| =102.0.5005.115-1~deb11u1 \|\| =102.0.5005.61-1 \|\| =102.0.5005.61-1~deb11u1 \|\| =103.0.5060.114-1 \|\| =103.0.5060.114-1~deb11u1 \|\| =103.0.5060.134-1 \|\| =103.0.5060.134-1~deb11u1 \|\| =103.0.5060.53-1 \|\| =103.0.5060.53-1~deb11u1 \|\| =104.0.5112.101-1 \|\| =104.0.5112.101-1~deb11u1 \|\| =104.0.5112.79-1 \|\| =104.0.5112.79-1~deb11u1 \|\| =105.0.5195.102-1 \|\| =105.0.5195.102-1~deb11u1 \|\| =105.0.5195.125-1 \|\| =105.0.5195.125-1~deb11u1 \|\| =105.0.5195.52-1 \|\| =105.0.5195.52-1~deb11u1 \|\| =106.0.5249.103-1 \|\| =106.0.5249.103-2 \|\| =106.0.5249.119-1 \|\| =106.0.5249.119-1~deb11u1 \|\| =106.0.5249.61-1 \|\| =106.0.5249.61-1~deb11u1 \|\| =106.0.5249.91-1 \|\| =106.0.5249.91-1~deb11u1 \|\| =107.0.5304.110-1 \|\| =107.0.5304.110-1~deb11u1 \|\| =107.0.5304.110-2 \|\| =107.0.5304.121-1 \|\| =107.0.5304.121-1~deb11u1 \|\| =107.0.5304.68-1 \|\| =107.0.5304.68-1~deb11u1 \|\| =107.0.5304.87-1 \|\| =107.0.5304.87-1~deb11u1 \|\| =108.0.5359.124-1 \|\| =108.0.5359.124-1~deb11u1 \|\| =108.0.5359.71-1 \|\| =108.0.5359.71-2 \|\| =108.0.5359.71-2~deb11u1 \|\| =108.0.5359.94-1 \|\| =108.0.5359.94-1~deb11u1 \|\| =109.0.5414.119-1 \|\| =109.0.5414.119-1~deb11u1 \|\| =109.0.5414.74-1 \|\| =109.0.5414.74-2 \|\| =109.0.5414.74-2~deb11u1 \|\| =110.0.5481.177-1 \|\| =110.0.5481.177-1~deb11u1 \|\| =110.0.5481.77-1 \|\| =110.0.5481.77-1~deb11u1 \|\| =110.0.5481.77-2 \|\| =111.0.5563.110-1 \|\| =111.0.5563.110-1~deb11u1 \|\| =111.0.5563.64-1 \|\| =111.0.5563.64-1~deb11u1 \|\| =112.0.5615.121-1 \|\| =112.0.5615.121-1~deb11u1 \|\| =112.0.5615.138-1 \|\| =112.0.5615.138-1~deb11u1 \|\| =112.0.5615.49-1 \|\| =112.0.5615.49-2 \|\| =112.0.5615.49-2~deb11u1 \|\| =112.0.5615.49-2~deb11u2 \|\| =113.0.5672.126-1 \|\| =113.0.5672.126-1~deb11u1 \|\| =113.0.5672.63-1 \|\| =113.0.5672.63-1~deb11u1 \|\| =113.0.5672.63-2 \|\| =114.0.5735.106-1 \|\| =114.0.5735.106-1~deb11u1 \|\| =114.0.5735.106-1~deb12u1 \|\| =114.0.5735.133-1 \|\| =114.0.5735.133-1~deb11u1 \|\| =114.0.5735.133-1~deb12u1 \|\| =114.0.5735.198-1 \|\| =114.0.5735.198-1~deb11u1 \|\| =114.0.5735.198-1~deb12u1 \|\| =114.0.5735.90-1 \|\| =114.0.5735.90-2 \|\| =114.0.5735.90-2~deb11u1 \|\| =114.0.5735.90-2~deb12u1 \|\| =115.0.5790.102-1 \|\| =115.0.5790.102-2 \|\| =115.0.5790.170-1 \|\| =115.0.5790.170-1~deb11u1 \|\| =115.0.5790.170-1~deb12u1 \|\| =115.0.5790.98-1 \|\| =115.0.5790.98-1~deb11u1 \|\| =115.0.5790.98-1~deb12u1 \|\| =115.0.5790.98-2 \|\| =116.0.5845.110-1 \|\| =116.0.5845.110-1~deb11u1 \|\| =116.0.5845.110-1~deb12u1 \|\| =116.0.5845.110-2 \|\| =116.0.5845.140-1 \|\| =116.0.5845.140-1~deb11u1 \|\| =116.0.5845.140-1~deb12u1 \|\| =116.0.5845.180-1 \|\| =116.0.5845.180-1~deb11u1 \|\| =116.0.5845.180-1~deb12u1 \|\| =116.0.5845.96-1 \|\| =116.0.5845.96-1~deb11u1 \|\| =116.0.5845.96-1~deb12u1 \|\| =116.0.5845.96-2 \|\| =117.0.5938.62-1~deb11u1 \|\| =117.0.5938.62-1~deb12u1 \|\| =90.0.4430.212-1 \|\| =93.0.4577.82-1 \|\| =97.0.4692.71-0.1 \|\| =97.0.4692.71-0.1~deb11u1 \|\| =97.0.4692.99-1 \|\| =97.0.4692.99-1~deb11u1 \|\| =97.0.4692.99-1~deb11u2 \|\| =98.0.4758.102-1 \|\| =98.0.4758.102-1~deb11u1 \|\| =98.0.4758.80-1 \|\| =98.0.4758.80-1~deb11u1 \|\| =99.0.4818.0-0.1 \|\| =99.0.4844.51-1 \|\| =99.0.4844.51-1~deb11u1 \|\| =99.0.4844.51-2 \|\| =99.0.4844.74-1 \|\| =99.0.4844.74-1~deb11u1 \|\| =99.0.4844.84-1 \|\| =99.0.4844.84-1~deb11u1 \|\| >=0 <117.0.5938.62-1	117.0.5938.62-1
nuget	skiasharp	>=2.0.0 <2.88.6	2.88.6
pypi	pillow	>=0 <10.0.1	10.0.1
npm	electron	>=22.0.0 <22.3.24 \|\| >=24.0.0 <24.8.3 \|\| >=25.0.0 <25.8.1 \|\| >=26.0.0 <26.2.1 \|\| >=27.0.0-beta.1 <27.0.0-beta.2	22.3.24, 24.8.3, 25.8.1, 26.2.1, 27.0.0-beta.2
nuget	magick.net-q16-anycpu	>=0 <13.3.0	13.3.0
nuget	magick.net-q16-x64	>=0 <13.3.0	13.3.0

1-10 of 53

Aliases

1. CVE-2023-48632. NVD-2023-48633. OSV-2023-48634. OSV-ALPINE-2023-48635. OSV-DEBIAN-2023-48636. GCVE-2023-48637. security.gentoo.org8. security.gentoo.org9. SECURITY-TRACKER-CVE-2023-486310. lists.debian.org11. lists.debian.org12. lists.debian.org13. SECURITY-CVE-2023-4863

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.