CVE-2023-5217
Google Chromium libvpx Heap Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
49.0%
p99
KEV
YES
Oct 2, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Google / Chromium libvpx
Vulnerability
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Added to KEV
Oct 2, 2023
Remediate by
Oct 23, 2023
Known ransomware use
No
Summary description
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217
No related CVEs by CWE or product.