"research team has independently verified the proof of concept from the original writeup by Ben Hawkes. We have recreated the buffer overflow in the affected version of libwebp by using the crafted WebP file from the writeup. At this time, we have not developed this proof of conce…"
T1204.002 Malicious File
51%
"Critical vuln: WebP heap buffer overflow CVE-2023-4863 | Huntress The Huntress team is currently investigating CVE-2023-4863, a heap buffer overflow in the WebP image encoding/decoding (codec) library (libwebp). Threat actors are exploiting this critical vulnerabil…"
T1190 Exploit Public-Facing Application
38%
"-of-bounds write to the heap during image decoding and can potentially lead to denial-of-service or remote code execution. - Huntress confirms that our products are not affected by this vulnerability at the time of writing this post. - The Huntress research team has reprod…"
T1203 Exploitation for Client Execution
34%
"Critical vuln: WebP heap buffer overflow CVE-2023-4863 | Huntress The Huntress team is currently investigating CVE-2023-4863, a heap buffer overflow in the WebP image encoding/decoding (codec) library (libwebp). Threat actors are exploiting this critical vulnerabil…"
Summary
Huntress is tracking a new critical vulnerability seen in the wild that affects anything using the libwebp WebP image library. Here’s what we know so far.