October 5, 2023
Summary
Microsoft released security emergency patches for Edge, Teams and Skype. The CVE-2023-4863 is part of the WebP code library (libwebp) that when exploited allows for crashes and arbitrary code execution.
CVE-2023-5217 is the second affecting vulnerability, this is also caused by a heap buffer overflow weakness in the VP8 encoding from libvpx codec library. This vulnerability allows for arbitrary code execution or crashes.
Affected products
Microsoft Edge channel Stable prior to 117.0.2045.47
Microsoft Edge channel Extended Stable prior to 116.0.1938.98
Security Updates
Microsoft released security patches on 30 september to address these vulnerabilities.
Microsoft Edge channel Stable higher than 117.0.2045.47
Microsoft Edge channel Extended Stable higher than 116.0.1938.98
More information for CVE-2023-4863 or CVE-2023-5217.