CVE-2023-5217

CVE Database · CVE-2023-5217

CVE-2023-5217

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

34.40%

Published

Sep 28, 2023

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2023-10-02 · Due: 2023-10-23

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCUT-Security/cve-2023-5217-poc★16 GitHub PoCTrinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217★0 GitHub PoCTrinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (21)

webmproject · libvpx (up to 1.13.1)vulnerable

microsoft · edgevulnerable

microsoft · edge_chromiumvulnerable

mozilla · firefox (up to 115.3.1)vulnerable

mozilla · firefox (up to 118.0.1)vulnerable

mozilla · firefox (up to 118.1)vulnerable

mozilla · thunderbird (up to 115.3.1)vulnerable

References (20)

http://seclists.org/fulldisclosure/2023/Oct/12

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/16

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/28/5

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/28/6

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/29/1

Mailing List

KEV Catalog EPSS Scores Vendors All CVEs