Heap Buffer Overflow in libwebp WebP Codec
Advisory ID
WGSA-2023-00008
CVE
CVE-2023-4863
Impact
Critical
Status
Not Applicable
Product Family
Firebox,
Dimension,
WatchGuard Cloud,
Secure Wi-Fi
Published Date
Updated Date
Workaround Available
False
Summary
On September 11th 2023, Google published an advisory describing a vulnerability in Google Chrome that could allow a remote attacker to potentially execute arbitrary code using a carefully crafted WebP image file. On September 25th, the vulnerability scope was expanded to include the libwebp library used by many applications beyond Google Chrome.
Affected
No WatchGuard products use the affected version of the libwebp library
Resolution
No resolution necessary
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Dimension
|
Dimension | Dimension |
WatchGuard Cloud
|
WatchGuard Cloud | WatchGuard Cloud |
Secure Wi-Fi
|
Wi-Fi 4 & 5 | AP125, AP225W, AP325, AP327X, AP420 |
Secure Wi-Fi
|
Wi-Fi 6 | AP130, AP330, AP332CR, AP430CR, AP432 |