
Security Advisories


CV_2023_10_1: Libwebp Vulnerability CRITICAL

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CV_2023_10_1
  • Title: Libwebp Vulnerability
  • Severity: CRITICAL
  • Issued: 2023-10-04
  • Updated: 2023-10-04
  • CVSS Score Range: 9.0 - 10.0
  • Additional Links:

Impacted Products

We are aware that some third-party components that we use include the libwebp package. However, our initial analysis indicates that the vulnerability does not affect Commvault products.

Resolution

As a precautionary measure, we are monitoring the third-party components for any fixes. When an updated version of a third-party component becomes available, we will issue an update for it.

CVE Details

Info Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
