Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| libwebp-sys2(crates.io) | 0 | 0.1.8 | N/A |
| libwebp-sys(crates.io) | 0 | 0.9.3 | N/A |
| electron(npm) | 22.0.0 | 22.3.24 | N/A |
| electron(npm) | 24.0.0 | 24.8.3 | N/A |
| electron(npm) | 25.0.0 | 25.8.1 | N/A |
| electron(npm) | 26.0.0 | 26.2.1 | N/A |
| electron(npm) | 27.0.0-beta.1 | 27.0.0-beta.2 | N/A |
| SkiaSharp(NuGet) | 2.0.0 | 2.88.6 | N/A |
| github.com/chai2010/webp(Go) | 1.1.2 | 1.4.0 | N/A |
| Pillow(PyPI) | 0 | 10.0.1 | N/A |
| webp(crates.io) | 0 | 0.2.6 | N/A |
| magick.net-q16-anycpu(NuGet) | 0 | 13.3.0 | N/A |
| magick.net-q16-hdri-anycpu(NuGet) | 0 | 13.3.0 | N/A |
| magick.net-q16-x64(NuGet) | 0 | 13.3.0 | N/A |
| magick.net-q8-anycpu(NuGet) | 0 | 13.3.0 | N/A |
| magick.net-q8-openmp-x64(NuGet) | 0 | 13.3.0 | N/A |
| magick.net-q8-x64(NuGet) | 0 | 13.3.0 | N/A |
| github.com/chai2010/webp(Go) | 0 | 0.0.0-20250406010349-76805d5a8860 | N/A |
| github.com/chai2010/webp(Go) | 0.0.0 | 1.1.2-0.20250406010349-76805d5a8860 | N/A |
CVSS Metrics
