Home / Vulnerabilities / CVE-2023-5217
HIGH SEVERITY
CVE-2023-5217 Google · Chromium libvpx

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
8.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

3.46 %
Predictive Probability
Percentile Rank
87.2 th

Documented as more likely to be exploited than 87.2% of known CVEs.

Detection Date

Oct 02, 2023

Remediation Due

Oct 23, 2023

CISA Catalog Active

Threat Analysis

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

External Intelligence

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2023-5217