FAQ for Image I/O and libwebp: CVE-2023-41064, CVE-2023-4863 and CVE-2023-5129
The Tenable Security Response Team (SRT) has published a frequently asked questions blog post to provide clarity around multiple vulnerabilities affecting image processing frameworks and libraries such as Image I/O and libwebp, including one flaw that is confirmed to have been exploited in the wild in zero-click attacks.
The vulnerabilities include flaws in Apple operating systems (CVE-2023-41064) and in Google Chrome and other applications that use libwebp (CVE-2023-4863), as well as a recently assigned CVE, CVE-2023-5129, which was supposed to cover the broader usage of libwebp.
For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.