CVE-2023-4863: Critical Vulnerability in libwebp
CVE-2023-4863 is a critical vulnerability affecting libwebp, a widely used image-codec library. libwebp is included in open source software such as NGINX, Joomla, WordPress, Node.js, and CentOS Linux versions 7 and 8.
In this blog, learn about CVE-2023-4863 and the new security patch from OpenLogic that is available to customers with CentOS 8 long-term support.
What is CVE-2023-4863?
Google initially issued a new CVE, CVE-2023-5129, with a CVSS severity score of 10 out of 10, the highest possible rating and one reserved for the most critical exploitable vulnerabilities in software. On September 27, CVE-2023-5129 was rejected as a duplicate of CVE-2023-4863, which now carries the information about the libwebp vulnerability and its critical impact.
CVE-2023-4863 remains a high-severity vulnerability, with a CVSS v3 score of 8.8; it is described as a heap buffer overflow in the WebP codec. WebP is an image file format designed to compress, archive, and distribute images efficiently. The libwebp library is what allows applications to read and write WebP files.
A heap buffer overflow arises when a program writes beyond the bounds of a buffer allocated in dynamically managed memory (the heap). This typically results from inadequate input validation or errors in memory management. Attackers can exploit such a flaw to overwrite adjacent heap data structures, potentially leading to malicious program behavior.
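To make that pattern concrete, here is an added example (not libwebp code, and not the specific CVE-2023-4863 defect, which this page does not detail): a constructed RIFF-style chunk parser that trusts an untrusted length field when copying into a fixed-size heap buffer, beside the hardened version that validates the field against both the buffer capacity and the bytes actually present before allocating or copying. The chunk layout, the function names and the `PAYLOAD_CAP` constant are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, generic illustration of a heap buffer overflow caused by
 * missing input validation, beside the bounds check that removes it.
 * The chunk layout (4-byte tag, 4-byte little-endian length, payload) is
 * RIFF-style; this is NOT libwebp code and NOT the CVE-2023-4863 defect. */

#define PAYLOAD_CAP 64   /* size of the heap buffer both parsers allocate */

typedef struct {
    char tag[4];
    uint32_t declared_len;   /* length field as read from the input */
    uint8_t *payload;        /* heap buffer of PAYLOAD_CAP bytes */
} chunk_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE pattern: the copy length is taken straight from the untrusted
 * length field, so any value above PAYLOAD_CAP writes past the end of the
 * heap allocation. Shown only so the missing check is visible; the demo
 * below never calls it with malformed input. */
int parse_chunk_unchecked(const uint8_t *buf, size_t buf_len, chunk_t *out) {
    if (buf_len < 8) return -1;
    memcpy(out->tag, buf, 4);
    out->declared_len = read_le32(buf + 4);
    out->payload = malloc(PAYLOAD_CAP);
    if (!out->payload) return -1;
    memcpy(out->payload, buf + 8, out->declared_len);  /* unbounded copy */
    return 0;
}

/* HARDENED version: the declared length is checked against the buffer
 * capacity and against the bytes actually present before anything is
 * allocated or copied. Returns 0 on success, -1 on malformed input. */
int parse_chunk_checked(const uint8_t *buf, size_t buf_len, chunk_t *out) {
    if (buf_len < 8) return -1;              /* header truncated */
    uint32_t len = read_le32(buf + 4);
    if (len > PAYLOAD_CAP) return -1;        /* would overflow the heap buffer */
    if (len > buf_len - 8) return -1;        /* claims more bytes than exist */
    memcpy(out->tag, buf, 4);
    out->declared_len = len;
    out->payload = malloc(PAYLOAD_CAP);
    if (!out->payload) return -1;
    memcpy(out->payload, buf + 8, len);      /* bounded by the checks above */
    return 0;
}

/* Builds a chunk in memory with an arbitrary (possibly lying) length field. */
size_t build_chunk(uint8_t *dst, size_t dst_cap, const char *tag,
                   uint32_t declared_len, const uint8_t *payload, size_t payload_len) {
    if (dst_cap < 8 + payload_len) return 0;
    memcpy(dst, tag, 4);
    for (int i = 0; i < 4; i++) dst[4 + i] = (uint8_t)(declared_len >> (8 * i));
    memcpy(dst + 8, payload, payload_len);
    return 8 + payload_len;
}

/* Runs the hardened parser on a constructed chunk whose length field is
 * declared_len while only 8 payload bytes are present; returns its result. */
int check_with_declared_len(uint32_t declared_len) {
    uint8_t in[128];
    const uint8_t payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    chunk_t c;
    size_t n = build_chunk(in, sizeof in, "DATA", declared_len, payload, sizeof payload);
    int rc = parse_chunk_checked(in, n, &c);
    if (rc == 0) free(c.payload);
    return rc;
}

int main(void) {
    /* 8: well-formed. 32: within capacity but more than present. 4096: would
     * overflow the 64-byte heap buffer in the unchecked parser. */
    uint32_t cases[] = {8, 32, 4096};
    for (size_t i = 0; i < 3; i++)
        printf("declared length %u: %s\n", (unsigned)cases[i],
               check_with_declared_len(cases[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Only the well-formed chunk is accepted; the two oversized length fields are rejected before any copy happens. In testing, building a parser like the unchecked variant with `-fsanitize=address` makes this class of defect visible as an immediate heap-buffer-overflow report instead of silent memory corruption.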
OpenLogic Patch for CVE-2023-4863 Available
OpenLogic has published a new patch addressing CVE-2023-4863 on CentOS 8. OpenLogic customers with CentOS 8 LTS receive patches for high-severity CVEs after end-of-life, and this one requires immediate attention. Customers can obtain the latest patch from the OpenLogic private repository.
Need CentOS 8 Long-Term Support?
OpenLogic LTS provides support for five years past EOL, with technical support and professional services.
- Support Offering - CentOS Support and Services
- Datasheet - Enterprise Linux Support
- Blog - The Long-Term Outlook for CentOS 7 Support
- Blog - 10 Reasons Why Companies Choose OpenLogic for OSS Support
- Blog - Finding the Best Enterprise Linux Distro for Your Organization
- On-Demand Webinar - Discussing the Future for CentOS
- White Paper - Decision Maker's Guide to Enterprise Linux