Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
Any idea if it's the same root cause as CVE-2023-4863 (libwebp heap buffer overflow)? WEBP is a derivative of VP8, after all.
Fix is to address a critical CVE:
Any idea if it's the same root cause as CVE-2023-4863 (libwebp heap buffer overflow)? WEBP is a derivative of VP8, after all.
It is apparently a new one in libvpx