all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Heap Buffer Overflow vulnerability in libwep (CVE-2023-5129)

Add to bookmarks
Nov. 8, 2023, 9:59 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is libwebp?




Libwebp is an open-source library developed by Google for encoding and decoding images in the Webp format. Libwebp is used by various software applications, inlcuding web browsers (i.e. Chrome, Microsoft Edge, Safari, and Mozilla Firefox), image editors, Content Delivery Networks (CDNs), and various website and online services.








What is the Attack?


CVE-2023-5129 is a heap buffer overflow vulnerability that affects libwebp. Successful exploitation of the vulnerability can result in remote code execution or cause a denial-of-service (DoS) …

applications browsers buffer buffer overflow buffer overflow vulnerability chrome content delivery cve cve-2023-5129 decoding delivery edge encoding firefox google heap buffer overflow image images library libwebp microsoft microsoft edge mozilla mozilla firefox networks online services overflow safari services software software applications vulnerability web web browsers webp website what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 4 days, 14 hours ago | fortiguard.fortinet.com
browser can chrome chromium +15
GitLab Password Reset Vulnerability (CVE-2023-7028) 1 week ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 1 week, 2 days ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 week, 4 days ago | fortiguard.fortinet.com
access advisory application attackers +29
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 weeks, 2 days ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 2 weeks, 4 days ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 3 weeks, 2 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 3 weeks, 2 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 month ago | fortiguard.fortinet.com
advisory attack code code injection +27

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Associate Engineer (Security Operations Centre)

@ People Profilers | Singapore, Singapore, Singapore
View on infosec-jobs.com

DevSecOps Engineer

@ Australian Payments Plus | Sydney, New South Wales, Australia
View on infosec-jobs.com

Senior Cybersecurity Specialist

@ SmartRecruiters Inc | Poland, Poland
View on infosec-jobs.com