TV-2023-1003
Libwebp vulnerabilities CVE-2023-4863 and CVE-2023-41064
The third-party opensource project libwebp is affected by two vulnerabilities rated with severity “High” and tracked as CVE-2023-4863 and CVE-2023-41064.
We have made hotfixes available for the affected TeamViewer products already. We strongly recommend updating the affected components immediately.
DETAILS
Clients
| Application | Versions | Status | Fixed version | User action required |
|---|---|---|---|---|
| TeamViewer Frontline Spatial Editor | Before 4.19.1 | Update available | 4.19.1 | Update to fixed version or higher. Also see remarks below for a workaround if needed. |
Products and Versions other than the ones listed above are not affected.
Server / Backend
| Products | Remediation status | User action |
|---|---|---|
| TeamViewer Frontline | Patched / Fixed | Not required |
Servers / Backends other than the ones listed above are not affected.
Additional Information for Frontline Spatial Editor
For Frontline Spatial Editor Version before 4.19.1, the following workaround can be applied to remove the affected library.
- Ensure you have a backup available in case something goes wrong.
- Open install location (i.e., C:\Program Files\TeamViewer Frontline\Spatial Editor )
- Open folder \imageformat and delete the following file:
qwebp.dll - Go back to the parent directory.
- Open folder \deps and delete following files:
libcurl.dll
libcurld.dll
Bulletin ID
TV-2023-1003
Issue Date
2023-10-20
Last Update
2023-10-20
Priority
Important
CVSS Score
Assigned CVE
Affected Products
- TeamViewer Frontline
