CVE-2023-4863 Impact of libwebp Vulnerability CVE-2023-4863
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical libwebp vulnerability (CVE-2023-4863) as it relates to our products. While PAN-OS 10.2 and later versions include this library, PAN-OS software does not offer any scenarios required for the successful exploitation of this vulnerability and is not impacted.
No other Palo Alto Networks products are known to contain the vulnerable library and be impacted by this issue at this time.
CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue in any of our products. Active exploitation of CVE-2023-4863 in browsers has been observed.
No software updates are required at this time.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94394 (Applications and Threats content update 8757).