Notice on potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards Ricoh products and services
Last updated: 08:00 pm on October 16, 2023 (2023-10-16T18:00:00+09:00)
First published: 09:00 pm on September 29, 2023 (2023-09-29T20:00:00+09:00)
Ricoh Company, Ltd.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx"(CVE-2023-4863/5217).
Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).
The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.
| Vulnerability Information ID | ricoh-2023-000003 |
| Version | 1.01E |
| CVE ID(CWE ID) | CVE-2023-4863 ( CWE-787 ) CVE-2023-5217 ( CWE-787 ) |
| CVSSv3 score | 8.8 HIGH |
History:
2023-10-16T18:00:00+09:00 : 1.01E Added one vulnerability
2023-09-29T20:00:00+09:00 : 1.00E Initial public release
News
Keep up to date
- 29Nov
Ricoh received a five-star rating in the Fifth Nikkei SDGs Management Survey
- 22Nov
Ricoh Chairperson hands policy proposal on accelerating decarbonization through green transformation to Minister of Economy, Trade and Industry as Co-chair of JCLP
- 13Nov
Ricoh Chairperson takes the stage at Reuters NEXT 2023 "Empowering Colleagues to be ESG Advocates"
- 08Nov
Ricoh establishes a fund to generate innovation