TV-2023-1003

Libwebp vulnerabilities CVE-2023-4863 and CVE-2023-41064

Bulletin ID
TV-2023-1003
Issue Date
2023. 10. 20.
Last Update
2023. 10. 20.
Priority
Important
Affected Products
TeamViewer Frontline

The third-party opensource project libwebp is affected by two vulnerabilities rated with severity “High” and tracked as CVE-2023-4863 and CVE-2023-41064.

We have made hotfixes available for the affected TeamViewer products already. We strongly recommend updating the affected components immediately.

Additional Information for Frontline Spatial Editor

For Frontline Spatial Editor Version before 4.19.1, the following workaround can be applied to remove the affected library.

  1. Ensure you have a backup available in case something goes wrong.
  2. Open install location (i.e., C:\Program Files\TeamViewer Frontline\Spatial Editor )
  3. Open folder \imageformat and delete the following file:
    qwebp.dll
  4. Go back to the parent directory.
  5. Open folder \deps and delete following files:
    libcurl.dll
    libcurld.dll