Fluid Attacks Database

Description

CefSharp affected by libvpx's heap buffer overflow in vp8 encoding Google is aware that an exploit for CVE-2023-5217 exists in the wild.

Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

https://www.cve.org/CVERecord?id=CVE-2023-5217

https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	cefsharp.common	>=0 <117.2.20	117.2.20
nuget	cefsharp.common.netcore	>=0 <117.2.20	117.2.20

Aliases

1. GHSA-4c29-gfrp-g6x92. GCVE-GHSA-4c29-gfrp-g6x9

References

1. https://github.com/cefsharp/CefSharp/security/advisories/GHSA-4c29-gfrp-g6x92. https://github.com/cefsharp/CefSharp/commit/45e66f7c0f9094f2fd81ab57b37a9ed9576b51b8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.