Heap Buffer Overflow vulnerability in libwebp (CVE-2023-5129)

Description

What is libwebp? libwebp is an open-source library developed by Google for encoding and decoding images in the WebP format. libwebp is used by a wide range of software, including web browsers (e.g. Chrome, Microsoft Edge, Safari, and Mozilla Firefox), image editors, Content Delivery Networks (CDNs), and many websites and online services.
What is the Attack? CVE-2023-5129 is a heap buffer overflow vulnerability that affects libwebp. Successful exploitation of the vulnerability can result in remote code execution or cause a denial-of-service (DoS) condition.
Google initially identified this as a Chrome vulnerability and assigned it CVE-2023-4863. It turns out that the vulnerability affects the libwebp library, which has broader impact beyond Chrome. This prompted Google to assign a new CVE (CVE-2023-5129) to the vulnerability. The CVSS score has also been raised accordingly from 8.8 to 10.
Why is this Significant? This is significant because the vulnerability affects the widely used libwebp library and is being exploited in the wild, which means that a large number of users could potentially be affected. CISA added the vulnerability to the Known Exploited Vulnerabilities (KEV) catalog on September 13th, 2023. As such, patches should be applied as soon as they become available.
What is the Vendor Solution? Although Google released a patch for Chrome on September 11, 2023, each software application that employs libwebp needs to distribute its own update. As such, it's important to keep all software up to date.
What FortiGuard Coverage is available? FortiGuard Labs has released a new IPS signature "Libwebp.BuildHuffmanTable.Heap.Buffer.Overflow" (default action is set to "pass") in version 25.649.
For a full, comprehensive list of protections from FortiGuard Labs, please visit the Outbreak Alert page for further details.

Outbreak Alert

The Google Chromium WebP heap buffer overflow vulnerability has been actively exploited in the wild. The vulnerability is exploited through a crafted image, which can cause the affected applications to crash or lead to arbitrary code execution.
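As an added triage example (not FortiGuard's code and not part of libwebp), the following Python helper walks the RIFF/WebP container of an image and reports whether it carries a VP8L lossless bitstream, the decoder path in libwebp that calls BuildHuffmanTable, the function named in the IPS signature above. It assumes only the public WebP container layout (RIFF header, FourCC chunks padded to even length, 5-byte VP8L header); the sample bytes are constructed and are not a real image.

```python
import struct

def parse_webp_chunks(data: bytes):
    """Parse the RIFF/WebP container and return a list of (fourcc, payload)."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a WebP file")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    # riff_size counts everything after the 8-byte RIFF header; a size that
    # disagrees with the file length is itself worth flagging during triage.
    if riff_size + 8 != len(data):
        raise ValueError(f"RIFF size {riff_size} does not match length {len(data)}")
    chunks, pos = [], 12
    while pos + 8 <= len(data):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        payload = data[pos + 8:pos + 8 + size]
        if len(payload) != size:
            raise ValueError(f"truncated {fourcc!r} chunk")
        chunks.append((fourcc, payload))
        pos += 8 + size + (size & 1)  # chunk payloads are padded to even length
    return chunks

def vp8l_header(payload: bytes) -> dict:
    """Decode the 5-byte VP8L header: 0x2F signature, then 14-bit width-1,
    14-bit height-1, 1 alpha bit and a 3-bit version, little-endian packed."""
    if len(payload) < 5 or payload[0] != 0x2F:
        raise ValueError("bad VP8L signature")
    bits = int.from_bytes(payload[1:5], "little")
    return {"width": (bits & 0x3FFF) + 1,
            "height": ((bits >> 14) & 0x3FFF) + 1,
            "alpha": bool((bits >> 28) & 1),
            "version": (bits >> 29) & 7}

def triage_webp(data: bytes) -> dict:
    """Summarise a WebP file: the chunk types present and whether it uses the
    lossless (VP8L) bitstream, the code path where BuildHuffmanTable runs."""
    chunks = parse_webp_chunks(data)
    report = {"chunks": [c[0].decode("ascii", "replace") for c in chunks],
              "lossless": False}
    for fourcc, payload in chunks:
        if fourcc == b"VP8L":
            report["lossless"] = True
            report["vp8l"] = vp8l_header(payload)
    return report

# Constructed fixture (hypothetical, not a real image): a container holding a
# single VP8L chunk whose header declares a 16x8 image, no alpha, version 0.
SAMPLE_VP8L = (b"RIFF" + struct.pack("<I", 4 + 8 + 6) + b"WEBP"
               + b"VP8L" + struct.pack("<I", 5) + b"\x2f\x0f\xc0\x01\x00" + b"\x00")
```

Files that the helper flags as lossless, or that fail the container checks, are the ones to hold back from unpatched decoders until the image has been re-encoded or the library updated.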

View the full Outbreak Alert Report
