CVE-2023-6704
CVE Details
Visit the official vulnerability details page for CVE-2023-6704 to learn more.
Initial Publication
05/17/2025
Last Update
05/19/2025
Third Party Dependency
libavif15
NIST CVE Summary
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
CVE Severity
Our Official Summary
This is a high-severity "use-after-free" vulnerability in the libavif library, used in image decoding pipelines (notably in Chromium-based browsers like Google Chrome and Microsoft Edge). The vulnerability allows remote attackers to cause heap corruption via specially crafted AVIF images, potentially leading to arbitrary code execution or denial of service.
This is reported on the KubeVirt UI, which can be accessed from Chrome browsers. Upgrade to the latest version of Chrome, where this vulnerability is fixed. Since this is specific to AVIF images, loading of those images can be disabled locally in the Chrome browser. Once a fix is available upstream, we will adopt it.
Status
Open
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.25 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
No revisions available.