Severity: High · CISA KEV · Exploited in the wild · Public exploit

Heap buffer overflow in libwebp WebP decoder

Identifiers: CVE-2023-4863 · CWE-787 (Out-of-bounds Write)

CVE-2023-4863 is a high-severity heap buffer overflow in libwebp, the WebP image decoding library, affecting Google Chrome before 116.0.5845.187/.188 and libwebp before 1.3.2. It is an out-of-bounds memory write (CWE-787) reachable through a crafted WebP image, whether delivered as a standalone file or embedded in HTML. Advisory content places the flaw in libwebp's lossless (VP8L) decoding path, specifically BuildHuffmanTable: the decoder builds Huffman lookup tables from code-length tables carried in the bitstream, and a malformed set of code lengths makes it write past the heap buffer allocated for those tables. Because libwebp is embedded in Chrome and reused by many other browsers and applications, exploitation only requires that a target decode attacker-supplied WebP content, for instance in a web page, a chat message, or any other image-handling workflow, without any interaction beyond having the image rendered. Google stated that an exploit existed in the wild at disclosure.
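The table-sizing problem described above, as an added illustration. This is example code written for this page, not libwebp's BuildHuffmanTable and not code from any of the proof-of-concept repositories listed on it. It computes, from a set of canonical Huffman code lengths, how many entries a two-level lookup table needs, and shows that the requirement depends on the shape of the code rather than on the size of the alphabet. The 8-bit root table and the 15-bit maximum code length match libwebp's lossless decoder, but the algorithm is the generic textbook one; the function names and the sample length sets are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CODE_LEN 15   /* VP8L limits Huffman code lengths to 15 bits */
#define ROOT_BITS    8    /* width of the first-level lookup table */

/* Number of entries a two-level (root + second-level) lookup table needs
 * for the canonical prefix code described by `lens` (one length per symbol,
 * 0 = unused).  Returns -1 if the lengths are not a valid prefix code.
 * Generic textbook algorithm, not libwebp's BuildHuffmanTable. */
long huffman_table_entries(const uint8_t *lens, int n, int root_bits) {
    int count[MAX_CODE_LEN + 1] = {0};
    long next_code[MAX_CODE_LEN + 1];
    long space = 0, code = 0, total;
    int *max_len;             /* longest code sharing each root-table slot */
    int i, len;

    for (i = 0; i < n; i++) {
        if (lens[i] > MAX_CODE_LEN) return -1;
        count[lens[i]]++;
    }
    count[0] = 0;
    /* Kraft inequality: reject codes that over-subscribe the code space. */
    for (len = 1; len <= MAX_CODE_LEN; len++)
        space += (long)count[len] << (MAX_CODE_LEN - len);
    if (space == 0 || space > (1L << MAX_CODE_LEN)) return -1;

    /* Canonical assignment: shorter codes first, increasing by symbol index. */
    for (len = 1; len <= MAX_CODE_LEN; len++) {
        code = (code + count[len - 1]) << 1;
        next_code[len] = code;
    }
    max_len = calloc((size_t)1 << root_bits, sizeof *max_len);
    if (max_len == NULL) return -1;
    for (i = 0; i < n; i++) {
        len = lens[i];
        if (len == 0) continue;
        code = next_code[len]++;
        if (len > root_bits) {
            long slot = code >> (len - root_bits);   /* root prefix of this code */
            if (max_len[slot] < len) max_len[slot] = len;
        }
    }
    /* Root table plus one second-level table per slot that hosts long codes. */
    total = 1L << root_bits;
    for (i = 0; i < (1 << root_bits); i++)
        if (max_len[i] > root_bits) total += 1L << (max_len[i] - root_bits);
    free(max_len);
    return total;
}

/* What a decoder with a preallocated table of `capacity` entries must check
 * before filling it; doing the fill without this check is the out-of-bounds
 * write pattern.  Returns 1 if the code fits, 0 if it must be rejected. */
int table_fits(const uint8_t *lens, int n, int root_bits, long capacity) {
    long need = huffman_table_entries(lens, n, root_bits);
    return need > 0 && need <= capacity;
}

/* Sample code-length sets, constructed for this example. */
long demo_flat_size(void) {       /* 256 symbols, all 8 bits: exactly the root table */
    uint8_t lens[256];
    memset(lens, 8, sizeof lens);
    return huffman_table_entries(lens, 256, ROOT_BITS);
}
long demo_chain_size(void) {      /* 16 symbols, lengths 1..14,15,15: a 128-entry second level */
    uint8_t lens[16];
    int i;
    for (i = 0; i < 15; i++) lens[i] = (uint8_t)(i + 1);
    lens[15] = 15;
    return huffman_table_entries(lens, 16, ROOT_BITS);
}
long demo_oversubscribed(void) {  /* three 1-bit codes cannot coexist */
    const uint8_t lens[3] = {1, 1, 1};
    return huffman_table_entries(lens, 3, ROOT_BITS);
}

int main(void) {
    printf("256 x 8-bit codes : %ld entries\n", demo_flat_size());
    printf("16-symbol chain   : %ld entries, fits a 256-entry table? %d\n",
           demo_chain_size(), demo_chain_size() <= 256);
    printf("over-subscribed   : %ld (rejected)\n", demo_oversubscribed());
    return 0;
}
```

The second sample is the point: a 16-symbol code needs 384 entries while a 256-symbol code needs only 256, so a table buffer sized from a fixed "worst case" constant is correct only if that constant really bounds every code-length set the bitstream can express. The libwebp 1.3.2 fix follows the same logic as table_fits: it first runs the table builder in a checking pass to validate the code and measure the size, and allocates more memory when the preallocated table is too small.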


ANALYST BRIEF

Impact, mitigation & remediation

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation lets a remote attacker corrupt heap memory through an out-of-bounds write. Depending on the target application and exploit reliability, the impact ranges from a process crash (denial of service) to arbitrary code execution in the context of the process that decoded the image. In a browser that process is the sandboxed renderer, so broader system compromise additionally requires a sandbox escape; in desktop and server applications that decode images without a sandbox, code execution lands directly at the application's privilege level. The vulnerability was reported as actively exploited in the wild and was added to CISA's Known Exploited Vulnerabilities catalog.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by keeping untrusted WebP content away from unpatched decoders and by limiting where attacker-controlled HTML and images are rendered. Disable or restrict features and workflows that decode WebP where feasible, especially in internet-facing or user-content-processing applications (upload pipelines, thumbnail and preview generation, chat and mail clients that render inline images). Note that the vulnerable code lives in the lossless decoder, so a content filter that rejects or quarantines WebP files carrying a VP8L bitstream (or an ALPH chunk that uses lossless compression) narrows the exposure without blocking lossy WebP; such a filter is only as good as the parser that enforces it, and lossless WebP is also legitimate content. For embedded products, disable affected functionality where vendor guidance exists, and apply compensating controls such as sandboxing, container confinement, and restricting remote content sources. These are temporary measures and do not replace upgrading to fixed libwebp-based builds.
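A gateway-side check for the filtering measure above, as an added example that is not the page's, libwebp's or any vendor's code. It walks the RIFF chunk list of a WebP file without decoding any pixels and reports whether the file contains a VP8L chunk or an ALPH chunk with compression method 1, the two cases that reach libwebp's lossless decoder and therefore its Huffman table builder; lossy-only VP8 files do not. The sample containers are constructed inline (valid headers, no real image data), and the type and function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int is_webp;         /* "RIFF....WEBP" container recognised */
    int truncated;       /* a chunk claims more bytes than the buffer holds */
    int has_vp8;         /* lossy VP8 bitstream: boolean coder, no Huffman tables */
    int has_vp8l;        /* lossless VP8L bitstream: reaches the Huffman table builder */
    int lossless_alpha;  /* ALPH chunk with compression method 1: also VP8L-coded */
} WebpTriage;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the RIFF chunk list of a WebP file without decoding any pixel data. */
void triage_webp(const uint8_t *buf, size_t len, WebpTriage *t) {
    size_t off = 12;                      /* first chunk follows RIFF<size>WEBP */
    memset(t, 0, sizeof *t);
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WEBP", 4) != 0) return;
    t->is_webp = 1;
    while (off + 8 <= len) {
        const uint8_t *fourcc = buf + off;
        uint32_t size = rd32le(buf + off + 4);
        size_t payload = off + 8;
        if (size > len - payload) { t->truncated = 1; return; }
        if (memcmp(fourcc, "VP8 ", 4) == 0) {
            t->has_vp8 = 1;
        } else if (memcmp(fourcc, "VP8L", 4) == 0) {
            t->has_vp8l = 1;
        } else if (memcmp(fourcc, "ALPH", 4) == 0 && size >= 1) {
            /* ALPH header byte: Rsv(2) P(2) F(2) C(2); C == 1 means lossless-compressed alpha */
            if ((buf[payload] & 0x03) == 1) t->lossless_alpha = 1;
        }
        off = payload + size + (size & 1);   /* chunk payloads are padded to even length */
    }
}

/* Gateway policy hook: 1 if decoding this file would enter the lossless decoder. */
int uses_lossless_decoder(const uint8_t *buf, size_t len) {
    WebpTriage t;
    triage_webp(buf, len, &t);
    return t.is_webp && (t.has_vp8l || t.lossless_alpha);
}

/* Constructed sample containers (headers only, not valid images). */
static size_t build_sample(uint8_t *out, const char *fourcc, const uint8_t *payload, uint32_t n) {
    uint32_t padded = n + (n & 1);
    memcpy(out, "RIFF", 4);
    wr32le(out + 4, 4 + 8 + padded);       /* "WEBP" + chunk header + padded payload */
    memcpy(out + 8, "WEBP", 4);
    memcpy(out + 12, fourcc, 4);
    wr32le(out + 16, n);
    memcpy(out + 20, payload, n);
    if (n & 1) out[20 + n] = 0;
    return 20 + padded;
}

static const uint8_t VP8L_HDR[5] = {0x2f, 0, 0, 0, 0};  /* VP8L signature byte + 1x1 header */
static const uint8_t VP8_HDR[10] = {0x10, 0x02, 0x00, 0x9d, 0x01, 0x2a, 1, 0, 1, 0}; /* key frame tag, start code, 1x1 */

int demo_lossless_flagged(void) {
    uint8_t buf[64];
    return uses_lossless_decoder(buf, build_sample(buf, "VP8L", VP8L_HDR, 5));
}
int demo_lossy_not_flagged(void) {
    uint8_t buf[64];
    return uses_lossless_decoder(buf, build_sample(buf, "VP8 ", VP8_HDR, 10));
}
int demo_truncated_detected(void) {
    uint8_t buf[64];
    WebpTriage t;
    size_t n = build_sample(buf, "VP8L", VP8L_HDR, 5);
    triage_webp(buf, n - 2, &t);            /* drop the last two bytes of the file */
    return t.truncated;
}

int main(void) {
    printf("lossless sample flagged : %d\n", demo_lossless_flagged());
    printf("lossy sample flagged    : %d\n", demo_lossy_not_flagged());
    printf("truncated detected      : %d\n", demo_truncated_detected());
    return 0;
}
```

Treat a truncated or non-WebP result as "unknown" rather than "safe" at a gateway: the decoder on the receiving end may be more forgiving about container damage than this walker is, so anything that is not clearly lossy-only should still go through the same quarantine path as a flagged file until the consumer is patched.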

Remediation

Patch, then assume compromise.

Update libwebp to 1.3.2 or later and update every product that bundles or depends on it. For Chrome, upgrade to 116.0.5845.187 or later on macOS and Linux and 116.0.5845.187/.188 or later on Windows. Downstream products must be taken to their own vendor-fixed releases: patched Chromium, Electron and CEF based applications, Firefox and Thunderbird, image libraries such as the Magick.NET and SkiaSharp builds listed below, and any other software that statically or dynamically includes the vulnerable code. Where vendor hotfixes or product-specific patched builds are available, apply them immediately.

Two checks worth adding. First, distribution packages commonly ship the fix as a backport under the old version number (Debian and Fedora both appear in the affected-product list), so compare against the distribution's own advisory rather than against the 1.3.2 threshold alone. Second, the library is frequently statically linked or vendored, so a system-wide libwebp package at 1.3.2 says nothing about the copies inside Electron applications, browser bundles, .NET image packages, or appliances; inventory by consumer, not only by package.
PUBLIC EXPLOITS

Exploits

3 valid exploits out of 14 total, after Mallory filtered out fakes, detection scripts, and README-only repositories (11 hidden).
lab-cve-2023-4863 (maturity: PoC; verified exploit)

This repository is a self-contained Docker lab for reproducing CVE-2023-4863, the libwebp heap buffer overflow. It is not a one-shot exploit against a remote target; instead it builds an attacker container that generates a malicious WebP file with a public PoC (craft.c), serves it over HTTP, and demonstrates the effect on several victim containers. The main capability is reliable crash reproduction in vulnerable libwebp consumers: the CLI victim downloads exploit.webp and processes it with dwebp, producing heap-corruption symptoms and SIGABRT; the GUI victim uses Firefox 110 to load a phishing-style page embedding exploit.webp, demonstrating browser-side impact. Patched CLI and GUI containers show the mitigated behaviour, where the malformed image is rejected with BITSTREAM_ERROR instead of crashing.

Repository structure centres on docker-compose.yml plus per-role Dockerfiles and entrypoint scripts. attacker/ builds a Debian container, clones the upstream PoC repo, compiles craft.c into a generator, creates exploit.webp, and serves exploit.webp, bad.webp, and index.html via python3 -m http.server on port 80. victim-cli/ and victim-patched/ are Ubuntu 22.04 CLI environments that automatically fetch the malicious file from http://attacker/ and run dwebp, so vulnerable and patched libwebp behaviour can be compared side by side. victim-gui/ and victim-gui-patched/ add XFCE, Xvfb, x11vnc, supervisord, and Firefox builds (110 vulnerable, 126 patched) for interactive browser testing over VNC. guacamole/ contains SQL initialization and connection definitions so the whole lab can be reached through Apache Guacamole at localhost:8888.

Notable observables: the attacker-hosted endpoints http://attacker/exploit.webp, http://attacker/bad.webp, and http://attacker/index.html; exposed local ports 8080, 8888, 2220-2224, 5900, and 5901; and external build-time download sources including GitHub, Launchpad Librarian, and releases.mozilla.org.

The lab does not include a code-execution payload, persistence, or lateral-movement logic. Its purpose is demonstrative and educational: generate a malformed WebP, deliver it over HTTP, and prove the vulnerable parsing path by crashing applications in controlled containers.

Author: pixelotes. Disclosed May 13, 2026. Tags: makefile, markdown, file, web, network.
CVE-2023-4863 (maturity: PoC; verified exploit)

This repository is a minimal proof-of-concept exploit generator for CVE-2023-4863, consisting of a short README and a single Python script, gen_oob_webp.py. The README states it is a modified version of DARKNAVY's script with the OFFSET and VALUE constants exposed at the top for easier tuning.

The script does not attack a remote service. Instead, it programmatically constructs a malformed lossless WebP image by assembling the RIFF and VP8L structures, generating custom bitstreams, and encoding crafted Huffman code-length tables. Its purpose is to produce a file that triggers an out-of-bounds heap write when decoded by a vulnerable WebP parser. The overwrite() helper is the key exploit primitive: it lets the operator choose an 8-byte-aligned heap-relative OFFSET and a constrained VALUE (3 through 0x27), which are encoded into the malicious bitstream to influence what the overwrite does.

Repository structure is small: README.md provides attribution and context, and gen_oob_webp.py is the sole executable artifact and the entry point. Internally the script defines the helpers bitstream_to_bytearray() and bit() for bit-level encoding, builds RIFF_header and image_header, assembles multiple code-length tables for the green, red, and distance channels, appends padding bytes, recalculates the container sizes, and writes the generated payload to oob.webp.

There are no network callbacks, hardcoded IPs, URLs, registry keys, or command execution routines. The only fingerprintable artifact is the output file oob.webp, together with the embedded format markers RIFF and WEBPVP8L. Overall this is a file-based PoC demonstrating controlled memory corruption, not a weaponized exploit or delivery framework.

Author: jpselva. Disclosed Apr 22, 2026. Tags: python, markdown, file.
CVE-2023-4863 (maturity: PoC; verified exploit)

This repository is a copy of Google's libwebp source tree (the widely used WebP encoding/decoding library) with two exploit files added; it is not the unmodified upstream project. It contains the full source, build scripts, documentation, and the example tools for encoding and decoding WebP images. Of interest for exploitation are two files in the examples directory:

- examples/craft.c is a C program that generates a specially crafted WebP image (bad.webp) designed to trigger the heap buffer overflow in libwebp's lossless bitstream parsing. It is based on research by Ben Hawkes and others and is referenced directly in public writeups about CVE-2023-4863 (the "WebP 0day").
- examples/poc.py is a Python script that generates a minimal WebP file (poc.webp) that also triggers the vulnerability, in a more concise form.

The README.md gives instructions for building the library, compiling the exploit, and running it to observe the heap buffer overflow, with AddressSanitizer output included. The generated file, when decoded by a vulnerable libwebp (for example through the dwebp tool or any application that links the library), causes a heap buffer overflow in BuildHuffmanTable; depending on the context in which the image is processed this can lead to remote code execution or denial of service. The rest of the repository is the normal libwebp tool and documentation set; the exploit code is isolated to examples/craft.c and examples/poc.py. No network endpoints or remote services are involved; the attack vector is delivery and decoding of a malicious WebP file. The exploit is operational and can be used to test or demonstrate the vulnerability in affected libwebp versions.

Author: huiwen-yayaya. Disclosed Nov 11, 2023. Tags: c, python, file.
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

Vendor                  Product                          Type
Bandisoft               Honeyview                        application
Bentley                 Seequent Leapfrog                application
Debian                  Debian Linux                     operating_system
Electron                Electron                         application
Fedora Project          Fedora                           operating_system
Google                  Chrome                           application
Imagemagick             Magick.Net-Q16-Anycpu            application
Imagemagick             Magick.Net-Q16-Hdri-Anycpu       application
Imagemagick             Magick.Net-Q16-X64               application
Imagemagick             Magick.Net-Q8-Anycpu             application
Imagemagick             Magick.Net-Q8-Openmp-X64         application
Imagemagick             Magick.Net-Q8-X64                application
Microsoft Corporation   Edge Chromium                    application
Microsoft Corporation   Teams                            application
Microsoft Corporation   Webp Image Extension             application
Mono                    Skiasharp                        application
Mozilla                 Firefox                          application
Mozilla                 Thunderbird                      application
NetApp                  Active Iq Unified Manager        application
Webmproject             Libwebp                          application
Webp                    Webp                             application

Vendor-confirmed product mapping.
