First published: Mon Sep 25 2023(Updated: )
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-5217 exists in the wild.</p>
Credit: Clément Lecigne Google's Threat Analysis Group chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libvpx | <=1.9.0-1<=1.12.0-1 | 1.12.0-1.1 1.9.0-1+deb11u1 1.12.0-1+deb12u1 |
Webmproject Libvpx | =1.13.1 | |
Google Chrome | <117.0.5938.132 | |
Mozilla Firefox | <118.0.1 | |
Mozilla Firefox | <118.1 | |
Mozilla Firefox ESR | <115.3.1 | |
Mozilla Firefox Focus | <118.1 | |
Apple iOS | <16.7.1 | 16.7.1 |
Apple iPadOS | <16.7.1 | 16.7.1 |
Apple iOS | <17.0.3 | 17.0.3 |
Apple iPadOS | <17.0.3 | 17.0.3 |
Microsoft Edge | <117.0.2045.47 | |
Google Chrome | <117.0.5938.132 | 117.0.5938.132 |
Microsoft Teams for Mac | ||
Microsoft Teams for Desktop | ||
redhat/chromium-browser | <117.0.5938.132 | 117.0.5938.132 |
Microsoft Edge (Chromium-based) | ||
npm/electron | >=27.0.0-alpha.1<27.0.0-beta.8 | 27.0.0-beta.8 |
npm/electron | >=26.0.0<26.2.4 | 26.2.4 |
npm/electron | >=25.0.0<25.8.4 | 25.8.4 |
npm/electron | >=24.0.0<24.8.5 | 24.8.5 |
npm/electron | <22.3.25 | 22.3.25 |
All of | ||
Webmproject Libvpx | <1.13.1 | |
Any of | ||
Google Chrome | <117.0.5938.132 | |
Mozilla Firefox | <118.0.1 | |
Mozilla Firefox | <118.1 | |
Mozilla Firefox ESR | <115.3.1 | |
Mozilla Firefox Focus | <118.1 | |
Microsoft Edge | =116.0.1938.98 | |
Microsoft Edge | =117.0.2045.47 | |
Microsoft Edge Chromium | =116.0.5845.229 | |
Microsoft Edge Chromium | =117.0.5938.132 | |
Mozilla Firefox | <118.0.1 | |
Mozilla Firefox | <118.1 | |
Mozilla Firefox ESR | <115.3.1 | |
Mozilla Firefox Focus | <118.1 | |
Mozilla Thunderbird | <115.3.1 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Apple Ipad Os | >=17.0<17.0.3 | |
Apple Ipad Os | =16.7 | |
Apple iPhone OS | >=17.0<17.0.3 | |
Apple iPhone OS | =16.7 | |
Mozilla Firefox | <118.0.1 | 118.0.1 |
Mozilla Firefox ESR | <115.3.1 | 115.3.1 |
All of | ||
Mozilla Firefox Focus | =118.1 | |
Google Android | ||
All of | ||
Mozilla Firefox | =118.1 | |
Google Android | ||
Mozilla Thunderbird | <115.3.1 | 115.3.1 |
Google Chromium libvpx | ||
debian/chromium | 120.0.6099.224-1~deb11u1 128.0.6613.84-1~deb12u1 130.0.6723.69-1~deb12u1 129.0.6668.89-1 130.0.6723.69-1 | |
debian/firefox | <=131.0.3-1 | |
debian/firefox-esr | <=115.14.0esr-1~deb12u1<=128.3.1esr-1~deb12u1<=128.3.1esr-2 | 115.14.0esr-1~deb11u1 128.3.1esr-1~deb11u1 |
debian/libvpx | 1.9.0-1+deb11u3 1.12.0-1+deb12u3 1.14.1-1 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.16.0esr-1~deb11u1 1:115.12.0-1~deb12u1 1:115.16.0esr-1~deb12u1 1:128.3.2esr-1 |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-5217 is a heap buffer overflow vulnerability in the vp8 encoding in libvpx in Google Chrome and Microsoft Edge (Chromium-based) that allows a remote attacker to potentially exploit heap corruption.
CVE-2023-5217 has a severity rating of High.
CVE-2023-5217 affects Google Chrome, Microsoft Edge (Chromium-based), and libvpx.
To fix CVE-2023-5217 in Microsoft Edge, update to version 117.0.5938.132 or later.
To fix CVE-2023-5217 in Google Chrome, update to version 117.0.5938.132 or later.