CentOS 8 Patch CVE-2023-4863
September 29, 2023

CVE-2023-4863: Critical Vulnerability on libwebp

Operating Systems
Security

By

CVE 2023-4863 is a critical vulnerability impacting libwebp, a popular code library. libwebp is included in open source software such as NGINX, Joomla, WordPress, Node.js and CentOS Linux versions 7 and 8. 

In this blog, learn about CVE 2023-4863 and the new security patch from OpenLogic that is available to customers with CentOS 8 long-term support

What is CVE-2023-4863?

Google issued a new CVE, CVE-2023-5129, with the highest CVSS severity score of 10 out of 10, that score is considered the most critical exploitable vulnerability in software. On September 27, CVE-2023-5129 was rejected citing duplication with CVE-2023-4863 which now includes information about the libwebp vulnerability and critical impact.

Still a high-severity vulnerability, CVE-2023-4863 has a CVSS v3 score of 8.8 described as a Heap Buffer Overflow vulnerability in the WebP codec. WebP is used as an effective image file format to compress, archive, and distribute images. The libwebp library allows applications to support WebP file formats.

A Heap Buffer Overflow vulnerability arises when a program exceeds the allocated memory capacity within a dynamically assigned memory region (heap). This typically results from inadequate input validation or errors in memory administration. Malicious actors can exploit this to overwrite essential heap data structures, potentially leading to malicious program behavior.

OpenLogic Patch for CVE-2023-4863 Available

OpenLogic has published a new patch to address CVE-2023-4863 on CentOS 8. OpenLogic customers with CentOS 8 LTS receive patches for high-severity CVEs post end-of-life and this one requires immediate attention. OpenLogic customers can access the latest patch in the OpenLogic private repository. 

Need CentOS 8 Long-Term Support? 

CentOS LTS from OpenLogic includes patches for five years past EOL so you can migrate when you're ready.

Request a Quote

Additional Resources

Javier Perez 2023 Headshot

Javier Perez

Chief OSS Evangelist and Senior Director of Product Management, Perforce Software

Passionate about technology and open source software, Javier is the Chief Open Source Evangelist and Senior Director of Product Management at Perforce Software. He is responsible for technical thought leadership and advocacy for open source software while driving the OpenLogic by Perforce offering. Javier has been in the application development, open source, cloud, app security, AI, SaaS, and mobile industries for 25+ years. As a speaker and blogger, he has had the opportunity to present at industry events all over the world. Javier holds an honors degree in Computer Systems and an MBA.