CRITICAL Patch AvailableCVE-2023-4863

Heap Buffer Overflow in libwebp allows RCE in ML Container Images

Discovered 3 June 2025 2 views

Overview

A critical heap buffer overflow vulnerability (CVE-2023-4863) was discovered in the libwebp library, which is used for processing WebP image files. This vulnerability affects a vast ecosystem of software, including popular ML container images from providers like NVIDIA and Google. Many ML workflows involve processing image data, and these containers often bundle system libraries like libwebp for convenience. An attacker could craft a malicious WebP image file and introduce it into an ML data pipeline. When an application within the container (e.g., a data loader in PyTorch or TensorFlow) attempts to process this image, the vulnerability is triggered, leading to a crash or, more severely, arbitrary code execution within the container's context. Since many ML containers are run with elevated privileges or permissive network policies to facilitate GPU access and data transfer, a successful exploit could allow an attacker to escape the container, compromise the host node, and move laterally across the Kubernetes cluster. The incident served as a stark reminder that the security of AI/ML infrastructure depends not only on the ML frameworks themselves but also on the entire stack of underlying system dependencies, which must be diligently tracked and patched.

Affected Systems

NVIDIA NGC Containers (e.g., pytorch, tensorflow) prior to patchOfficial TensorFlow and PyTorch Docker imagesAny containerized ML workload using a vulnerable version of libwebp

Testing Guide

1. **Scan Your Image**: Use a container vulnerability scanner to check your specific ML container image for CVE-2023-4863. Example command with Trivy: `trivy image your-registry/your-ml-image:tag`. 2. **Check libwebp Version**: If possible, get a shell inside a running container and check the installed version of `libwebp`. For Debian/Ubuntu-based systems, use `dpkg -l | grep libwebp`. 3. **Review Vendor Advisories**: Check the security advisories from your container provider (e.g., NVIDIA NGC documentation, Docker Hub) for information on which tags have been patched.

Mitigation Steps

1. **Update Base Images**: Immediately update all ML container images to the latest versions released by the vendor (e.g., NVIDIA, Google) which include the patched `libwebp` library. 2. **Rebuild Custom Images**: If you use custom-built images, ensure your base image (e.g., `ubuntu:22.04`) is fully updated using `apt-get update && apt-get upgrade` and rebuild your ML images. 3. **Use Container Scanners**: Integrate vulnerability scanners like Trivy, Grype, or Snyk into your CI/CD pipeline to continuously scan your container images for known vulnerabilities in OS packages and other dependencies. 4. **Limit Privileges**: Run ML containers with the least privilege necessary. Avoid running as root, and use security contexts and network policies in Kubernetes to restrict their capabilities.

Patch Details

Patches were made available by Linux distributions and subsequently integrated into updated versions of official and vendor-supplied ML container images.

Sources

← Back to vulnerabilities