VertiGIS uses this page to provide centralized information about the critical vulnerability CVE-2023-4863, also published as CVE-2023-5129 known as "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability" and its impact on VertiGIS Studio products.
This article will be updated as new information becomes available.
Products affected
- VertiGIS Studio Analytics
- VertiGIS Studio Search
- VertiGIS Studio Access Control
These products have post installers that use Electron, a version of Chromium. We will release a new version of each product with an updated version of Electron. VertiGIS feels the risk is low as our post installers will only load VertiGIS-created trusted content and pages from ArcGIS Portal.
- VertiGIS Studio Mobile
- VertiGIS Studio Workflow (on-premises only)
These products include the SkiaSharp library that contains the vulnerability. We will release a new version of each product with an updated version of SkiaSharp. VertiGIS feels the risk is low because the library is not used in a manner that exposes the exploit.
- VertiGIS Studio Printing
- VertiGIS Studio Reporting
These products include Chromium. We will release a new version of each product with an updated version of Chromium. VertiGIS feels the risk is low as the products will only load VertiGIS-created trusted pages.
Products not affected
- VertiGIS Studio Item Manager
- VertiGIS Studio Web
- Geocortex Essentials
- Geocortex Analytics
Comments
0 comments
Please sign in to leave a comment.