CVE-2023-5217
| CVE Published | 2023-09-28 |
|---|---|
| Related CWE(s) | CWE-787: Out-of-bounds Write |
| Related Vendor(s) | microsoft, fedoraproject, webmproject, mozilla, apple, debian |
| Related Product(s) | thunderbird, libvpx, ipad_os, firefox_esr, iphone_os, firefox_focus, firefox, fedora, edge, debian_linux, edge_chromium |
| Exploitation Reported (CISA KEV) | 2023-10-02 |
| CVSS 3 Base Score | 8.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2023-5217
Report
We're All in this Together - A Year in Review of Zero-Days Exploited In-the-Wild in 2023
This report from Mandiant and Google Threat Analysis Group (TAG) presents combined analysis of zero day vulnerability exploitation in 2023. The ...