HTTP: Google libwebp BuildHuffmanTable Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Google libwebp. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the vulnerable application opening the WebP file.

Extended Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Affected Products

Microsoft edge_chromium

Short Name
HTTP:OVERFLOW:GOOGLE-LIBWEBP-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer BuildHuffmanTable CVE-2023-4863 Google Heap Overflow libwebp
Release Date
11/17/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3767
False Positive
Unknown
Vendors

Google

Bentley

Mozilla

Microsoft

Webmproject

Bandisoft

Fedoraproject

Netapp

Debian

Found a potential security threat?