Article - CS402792

Windchill Visualization Services: CVE-2023-4863 Impacts and Mitigations

Modified: 21-Dec-2023   


Applies To

  • Windchill PDMLink 12.1 to 13.0

Description

  • CVE-2023-4863 (Critical) is a heap buffer overflow in libwebp, affecting Google Chrome prior to 116.0.5845.187 and libwebp prior to 1.3.2, where a remote attacker can perform out-of-bounds memory writes via crafted HTML pages.
  • Note:
    • libwebp is used in Windchill only for authenticated users, either where Visualization (aka the Creo View WebGL Viewer) is in use or when visualizing a Creo Illustrate associated representation in Creo View.
    • The risk of injecting a malicious WebP-formatted file is extremely limited for authenticated users. There is no attack surface for unauthenticated users in Windchill. There are no known exploits reported for Windchill at this time for this CVE.