Google Cloud Platform Security Advisory

Published: 2023-10-30



Deep Learning VM Images is a set of prepackaged virtual machine images with a deep learning framework that are ready to be run out of the box. Recently, an out-of-bounds write vulnerability was discovered in the `ReadHuffmanCodes()` function in the `libwebp` library. This might impact images that use this library.

Google Cloud continuously scans its publicly published images and updates the packages to assure patched distros are included in the latest releases available for customer adoption. Deep Learning VM Images have been updated to ensure that the latest VM images include the patched distros. Customers adopting the latest VM images are not exposed to this vulnerability.

What should I do?

Google Cloud customers using published VM images should ensure that they are adopting the latest images and that their environments are up to date as per the shared responsibility model.

CVE-2023-4863 could be exploited by an attacker to execute arbitrary code. This vulnerability was identified in Google Chrome prior to 116.0.5845.187 and in `libwebp` prior to 1.3.2 and is being listed under CVE-2023-4863.