Security Bulletins

10/04/2023 - Update on H2O’s response to CVE-2023-4863

The H2O.ai team analyzed and assessed the impact of the vulnerability CVE-2023-4863 and implemented necessary changes in the H2O.ai ecosystem that were propagated to H2O.ai Managed Cloud and incorporated into the coming 23.10 release.

For any additional questions, please, reach out to H2O.ai support at support@h2o.ai.

09/28/2023 - H2O’s response to CVE-2023-4863

The H2O.ai team continues to investigate and evaluate the heap buffer overflow in libwebp native library reported as the vulnerability (CVE-2023-4863).

The library libwebp processes the images in WebP format that is employing both lossy and lossless compression.

Versions Affected: all libwebp versions < 1.3.2

Fixed Version: 1.3.2

The vulnerability was first reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 09/06/2023 and confirmed by various web browsers (for example, Mozilla, Chrome). If exploited, a buffer overflow in parsing WebP images may result in the execution of arbitrary code.

As soon as H2O.ai learned of this vulnerability, we promptly started to evaluate all our released software versions and cloud-hosted systems to determine what might be impacted. This page will be updated with findings and remediations.

For any additional questions, reach out to H2O.ai support at support@h2o.ai.

Sincerely,

H2O.ai Customer Support

Generative AI

Predictive AI

Industry Solutions

Use Cases

H2O.ai Hospital Occupancy Simulator

Strategic Transformation

View All Case Studies

FINANCIAL SERVICES

TELECOM

HEALTHCARE

ENERGY

FINANCIAL INDUSTRIES

MARKETING

Partners

Resources

Open Source

Join H2O University

Support

Events

H2O.ai Wiki

Responsible AI

Company

What is an AI Cloud?

2023 Gartner® Magic Quadrant™

10/04/2023 - Update on H2O’s response to CVE-2023-4863

09/28/2023 - H2O’s response to CVE-2023-4863

Why H2O.ai

Products

Resources

Insights