LR pixel

What is libwebp?

Libwebp is an open-source library developed by Google for encoding and decoding images in the Webp format. Libwebp is used by various software applications, inlcuding web browsers (i.e. Chrome, Microsoft Edge, Safari, and Mozilla Firefox), image editors, Content Delivery Networks (CDNs), and various website and online services.

What is the Attack?

CVE-2023-5129 is a heap buffer overflow vulnerability that affects libwebp. Successful exploitation of the vulnerability can result in remote code execution or cause a denial-of-service (DoS) condition.

Google initially identified this as a Chrome vulnerability and assigned it CVE-2023-4863. It turns out that the vulnerability affects the libwebp library, which has broader impact beyond Chrome. This prompted Google to assign a new CVE (CVE-2023-5129) to the vulnerability. The CVSS score has also been raised accordingly from 8.8 to 10.

Why is this Significant?

This is significant because the vulnerability affects widely used libwebp library and is being exploited in the wild, which means that a large number of users could be potentially affected. CISA added the vulnerability to the Known Exploited Vulnerabilities (KEV) catalog on September 13th, 2023. As such, patches should be applied as soon as they become available.

What is the Vendor Solution?

Although Google released a patch for Chrome on September 11, 2023, each software application that employs libwebp need to distribute its own update. As such, it’s important to keep all software up to date.

What FortiGuard Coverage is available?

FortiGuard Labs has released a new IPS signature “Libwebp.BuildHuffmanTable.Heap.Buffer.Overflow” (default action is set to “pass”) in version 25.649.
For a full comprehensive lists of protections from FortiGuard Labs, please visit the Outbreak alert page for further details.