Notice on potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards Ricoh products and services

16 Oct 2023

Last updated: 08:00 pm on October 16, 2023 (2023-10-16T18:00:00+09:00)
First published: 09:00 pm on September 29, 2023 (2023-09-29T20:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx"(CVE-2023-4863/5217).

Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).

The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.

 Vulnerability Information ID ricoh-2023-000003
 Version 1.01E
 CVE ID(CWE ID) CVE-2023-4863 ( CWE-787CVE-2023-5217 ( CWE-787 )
 CVSSv3 score 8.8  HIGH 


2023-10-16T18:00:00+09:00 : 1.01E Added one vulnerability
2023-09-29T20:00:00+09:00 : 1.00E Initial public release