CVE-2023-5129

high
Published 2023-09-12 · Modified 2026-02-04
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2
VIR risk
8.0

Description

libwebp: OOB write in BuildHuffmanTable

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5214

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-5129.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5201

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5224

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5214

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5200

OS impact

| OS | Version | Status | Fixed in |
| --- | --- | --- | --- |
| redhat | rhel9 | fixed | |
| rockylinux | rocky8 | fixed | |
| suse | sles | affected | |
| rockylinux | rocky9 | fixed | |

Package impact

| Ecosystem | Package | Vulnerable | Fixed |
| --- | --- | --- | --- |
| rust crates.io | libwebp-sys | | |
| rust crates.io | libwebp-sys2 | | |
| rust crates.io | libwebp-sys2 | <0.1.8 | 0.1.8 |
| rust crates.io | libwebp-sys | <0.9.3 | 0.9.3 |
| npm npm | electron | >=22.0.0,<22.3.24 | 22.3.24 |
| npm npm | electron | >=24.0.0,<24.8.3 | 24.8.3 |
| npm npm | electron | >=25.0.0,<25.8.1 | 25.8.1 |
| npm npm | electron | >=26.0.0,<26.2.1 | 26.2.1 |
| npm npm | electron | >=27.0.0-beta.1,<27.0.0-beta.2 | 27.0.0-beta.2 |
| nuget NuGet | SkiaSharp | >=2.0.0,<2.88.6 | 2.88.6 |
| golang Go | github.com/chai2010/webp | >=1.1.2,<1.4.0 | 1.4.0 |
| python PyPI | pillow | <10.0.1 | 10.0.1 |
| rust crates.io | webp | <0.2.6 | 0.2.6 |
| nuget NuGet | magick.net-q16-anycpu | <13.3.0 | 13.3.0 |
| nuget NuGet | magick.net-q16-hdri-anycpu | <13.3.0 | 13.3.0 |
| nuget NuGet | magick.net-q16-x64 | <13.3.0 | 13.3.0 |
| nuget NuGet | magick.net-q8-anycpu | <13.3.0 | 13.3.0 |
| nuget NuGet | magick.net-q8-openmp-x64 | <13.3.0 | 13.3.0 |
| nuget NuGet | magick.net-q8-x64 | <13.3.0 | 13.3.0 |
| golang Go | github.com/chai2010/webp | <0.0.0-20250406010349-76805d5a8860 | 0.0.0-20250406010349-76805d5a8860 |
| golang Go | github.com/chai2010/webp | >=0.0.0,<1.1.2-0.20250406010349-76805d5a8860 | 1.1.2-0.20250406010349-76805d5a8860 |
| rust crates.io | libwebp-sys | >=0.0.0-0,<0.9.3 | 0.9.3 |
| rust crates.io | libwebp-sys2 | >=0.0.0-0,<0.1.8 | 0.1.8 |
