

BE-2023-0001: Seequent LeapFrog WebP Heap-Based Buffer Overflow Vulnerability

Bentley ID: BE-2023-0001
CVE ID: CVE-2023-4863
Severity: 8
Publication date: 2023-10-27
Revision date: 2023-10-27

LeapFrog applications may be affected by a heap-based buffer overflow vulnerability when opening maliciously crafted WebP files. Exploiting this vulnerability could lead to information disclosure or arbitrary code execution.

Using an affected version of a LeapFrog application to open a WebP file containing maliciously crafted data can force a heap-based buffer overflow in the libwebp library. Exploitation of this vulnerability during the parsing of WebP files could enable an attacker to perform an out-of-bounds memory write and may lead to code execution in the context of the current process.

Affected Versions

Applications      | Affected Versions           | Mitigated Versions
Seequent LeapFrog | 2023.1.* and prior versions | 2023.2 and greater


Recommended Mitigations
Seequent, The Bentley Subsurface Company, recommends updating to the latest versions of LeapFrog applications. As a general best practice, it is also recommended to only open WebP files coming from trusted sources.
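The two checks a defender needs from this advisory are a version test against the affected/mitigated table above and a way to find WebP inputs so that files from untrusted sources are screened before an unpatched installation opens them. The following script is an added example written for this page; it is not Seequent or Bentley code. It assumes LeapFrog reports a dotted numeric version string (e.g. "2023.1.3"), treats every version below 2023.2 as affected exactly as the table states, and parses only the public RIFF/WebP container header (it does not decode image data). The sample file bytes are constructed inline and are not real images.

```python
"""Defensive triage helpers for BE-2023-0001 / CVE-2023-4863 (added example).

1. is_affected_version(): decides from the advisory table whether a LeapFrog
   version string is in the affected range ("2023.1.* and prior") or the
   mitigated range ("2023.2 and greater").
2. classify_webp(): inspects the leading bytes of a file, reports whether it
   is a RIFF/WebP container, which top-level chunk it carries, and whether the
   declared RIFF size disagrees with the real length (a malformed file worth
   quarantining rather than opening on an unpatched host).
"""
import re
import struct

# Boundary taken from the advisory table: everything below 2023.2 is affected.
FIXED_VERSION = (2023, 2)


def parse_version(version: str) -> tuple:
    """Turn '2023.1.3' into (2023, 1, 3); non-numeric suffixes are ignored."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected_version(version: str) -> bool:
    """True if this LeapFrog version falls in the affected range of BE-2023-0001."""
    v = parse_version(version)
    # Compare only year.minor; zero-padding handles a bare '2023' as 2023.0.
    key = (v + (0, 0))[:2]
    return key < FIXED_VERSION


def classify_webp(data: bytes) -> dict:
    """Parse the RIFF/WebP container header and return a small report."""
    report = {"is_webp": False, "chunk": None,
              "declared_size": None, "size_mismatch": False}
    if len(data) < 16:
        return report  # too short to hold RIFF header + WEBP tag + chunk id
    riff, riff_size, webp, chunk = struct.unpack("<4sI4s4s", data[:16])
    if riff != b"RIFF" or webp != b"WEBP":
        return report
    report["is_webp"] = True
    report["chunk"] = chunk.decode("ascii", "replace")
    report["declared_size"] = riff_size
    # The RIFF size field counts every byte after the 8-byte RIFF header, so a
    # well-formed file satisfies riff_size == len(file) - 8.
    report["size_mismatch"] = riff_size != len(data) - 8
    return report


def build_sample(chunk: bytes, payload: bytes) -> bytes:
    """Construct a minimal WebP container for demonstration (not a real image)."""
    body = b"WEBP" + chunk + struct.pack("<I", len(payload)) + payload
    return b"RIFF" + struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    for ver in ("2023.1.3", "2022.2", "2023.2", "2024.1"):
        print(ver, "affected" if is_affected_version(ver) else "mitigated")
    sample = build_sample(b"VP8L", b"\x2f" + b"\x00" * 8)  # constructed bytes
    print(classify_webp(sample))
    print(classify_webp(sample[:-3]))  # truncated: size_mismatch becomes True
```

In an inventory job, run `is_affected_version` against each host's installed LeapFrog version and `classify_webp` against files arriving from outside the organisation; any WebP destined for an affected host, and any file whose declared size does not match its length, is held back until the host is on 2023.2 or later.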


Revision History

Date       | Description
2023-10-27 | First version of this advisory