CVE-2023-5129

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 Nov 2023, 04:23

Type: Summary
Values Removed: ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Values Added: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.

27 Sep 2023, 21:15

Type: Summary
Values Removed: With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
Values Added: ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.

Type: References
Values Removed:
  • (MISC) https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a - Patch
  • (MISC) https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 - Patch
  • (MISC) http://www.openwall.com/lists/oss-security/2023/09/26/1 -

Type: CWE
Values Removed: CWE-787

Type: CPE
Values Removed: cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*

Type: CVSS
Values Removed: v2 : unknown, v3 : 8.8
Values Added: v2 : unknown, v3 : unknown

27 Sep 2023, 15:19

Type: First Time
Values Added:
  • Webmproject
  • Webmproject libwebp

Type: References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/09/26/1 -

Type: References
Values Removed: (MISC) https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a -
Values Added: (MISC) https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a - Patch

Type: References
Values Removed: (MISC) https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 -
Values Added: (MISC) https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 - Patch

Type: CWE
Values Added: CWE-787

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 8.8

Type: CPE
Values Added: cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*

25 Sep 2023, 21:15

Type: New CVE

Information

Published : 2023-09-25 21:15

Updated : 2024-04-16 18:27


NVD link : CVE-2023-5129

Mitre link : CVE-2023-5129

CVE.ORG link : CVE-2023-5129


Products Affected

No product.

CWE

No CWE.