VertiGIS uses this page to provide centralized information about the critical vulnerability CVE-2023-4863 (also published as CVE-2023-5129), known as the "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability", and its impact on VertiGIS Studio products.
This article will be updated as new information becomes available.
Products affected
- VertiGIS Studio Analytics prior to 1.4
- VertiGIS Studio Search prior to 1.3
- VertiGIS Studio Access Control prior to 5.6.2
These products have post installers that use Electron, which is built on Chromium. We have released a new version of each product with an updated version of Electron. VertiGIS feels the risk is low as our post installers will only load VertiGIS-created trusted content and pages from ArcGIS Portal.
- VertiGIS Studio Mobile prior to 5.32
- VertiGIS Studio Workflow prior to 5.36
These products included a version of the SkiaSharp library that contained the vulnerability. We have released a new version of each product with an updated version of SkiaSharp. VertiGIS feels the risk is low because the library is not used in a manner that exposes the vulnerability.
- VertiGIS Studio Printing prior to 5.22
- VertiGIS Studio Reporting prior to 5.22
These products include Chromium. We have released a new version of each product with an updated version of Chromium. VertiGIS feels the risk is low as the products will only load VertiGIS-created trusted pages.
Products not affected
- VertiGIS Studio Item Manager
- VertiGIS Studio Web
- Geocortex Essentials
- Geocortex Analytics