Описание
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Отчет
This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libwebp | Not affected | ||
| Red Hat Enterprise Linux 9 | firefox:flatpak/firefox | Affected | ||
| Red Hat Enterprise Linux 9 | thunderbird:flatpak/thunderbird | Affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2023:5191 | 18.09.2023 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2023:5197 | 18.09.2023 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2023:5184 | 18.09.2023 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2023:5201 | 18.09.2023 |
| Red Hat Enterprise Linux 8 | libwebp | Fixed | RHSA-2023:5309 | 20.09.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2023:5183 | 18.09.2023 |
Показывать по
Дополнительная информация
0 Low
CVSS3
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
0 Low
CVSS3