BE-2023-0001: Seequent LeapFrog WebP Heap-Based Buffer Overflow Vulnerability
Bentley ID: BE-2023-0001
CVE ID: CVE-2023-4863
CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Publication date: 2023-10-27
Revision date: 2023-10-27
LeapFrog applications may be affected by a Heap-Based Buffer Overflow Vulnerability when opening maliciously crafted WebP files. Exploiting this vulnerability could lead to information disclosure or arbitrary code execution.
Using an affected version of a LeapFrog application to open a WebP file containing maliciously crafted data can force a heap-based buffer overflow in the libwebp library. Exploitation of this vulnerability during the parsing of WebP files could enable an attacker to perform an out-of-bounds memory write and may lead to code execution in the context of the current process.
Affected versions: 2023.1.* and prior versions
Fixed versions: 2023.2 and greater
Seequent, The Bentley Subsurface Company, recommends updating to the latest versions of LeapFrog applications. As a general best practice, it is also recommended to only open WebP files coming from trusted sources.
Revision history: 2023-10-27: First version of this advisory