TV-2023-1003

Teamviewer Security Advisory

TV-2023-1003

Libwebp vulnerabilities CVE-2023-4863 and CVE-2023-41064

The third-party opensource project libwebp is affected by two vulnerabilities rated with severity “High” and tracked as CVE-2023-4863 and CVE-2023-41064.

We have made hotfixes available for the affected TeamViewer products already. We strongly recommend updating the affected components immediately.

DETAILS

Clients

ApplicationVersionsStatusFixed versionUser action required
TeamViewer Frontline Spatial EditorBefore 4.19.1Update available4.19.1Update to fixed version or higher. Also see remarks below for a workaround if needed.

Products and Versions other than the ones listed above are not affected.

Server / Backend

ProductsRemediation statusUser action
TeamViewer FrontlinePatched / FixedNot required

Servers / Backends other than the ones listed above are not affected.

Additional Information for Frontline Spatial Editor

For Frontline Spatial Editor Version before 4.19.1, the following workaround can be applied to remove the affected library.

  1. Ensure you have a backup available in case something goes wrong.
  2. Open install location (i.e., C:Program FilesTeamViewer FrontlineSpatial Editor )
  3. Open folder imageformat and delete the following file:
    qwebp.dll
  4. Go back to the parent directory.
  5. Open folder deps and delete following files:
    libcurl.dll
    libcurld.dll
Bulletin ID
TV-2023-1003
Issue Date
2023-10-20
Last Update
2023-10-20
Priority
Important
CVSS Score
Assigned CVE
Affected Products

  • TeamViewer Frontline

The post TV-2023-1003 appeared first on TeamViewer.

READ MORE