Security Advisories

Documentation Cloud Services Solutions

CV_2023_10_1: Libwebp Vulnerability CRITICAL

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CV_2023_10_1
  • Title: Libwebp Vulnerability
  • Severity: CRITICAL
  • Issued: 2023-10-04
  • Updated: 2023-10-04
  • CVSS Score Range: 9.0 - 10.0
  • Additional Links:

Impacted Products

We are aware that some third-party components that we use include the libwebp package. However, our initial analysis indicate that the vulnerability does not affect Commvault products.


As a precautionary measure, we are monitoring the third-party components for any fixes. As and when we have an updated version of the third-party component, we will issue an update for the same.

CVE Details

Info Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)