Latest webkitgtk webkitgtk Vulnerabilities

CVE-2023-39928
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrar...
WebKitGTK WebKitGTK=2.40.5
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Fedoraproject Fedora=37
ubuntu/webkit2gtk<2.42.1-0ubuntu0.22.04.1
ubuntu/webkit2gtk<2.42.1-0ubuntu0.23.04.1
and 3 more
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
Apple iOS<16.6
Apple iPadOS<16.6
<13.5
Apple macOS<13.5
WebKitGTK WebKitGTK<2.40.5
Wpewebkit Wpe Webkit<2.40.5
CVE-2023-32370
WebKit. A logic issue was addressed with improved validation.
Apple macOS Ventura<13.3
<16.4
Apple iOS<16.4
Apple iPadOS<16.4
Apple macOS>=13.0<13.3
WebKitGTK WebKitGTK<2.40.1
and 1 more
CVE-2023-28198
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
<13.3
<16.4
Apple iOS<15.7.4
Apple iPadOS<15.7.4
Apple iOS<16.4
Apple iPadOS<16.4
and 10 more
CVE-2023-25362
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
WebKitGTK WebKitGTK<2.36.8
CVE-2023-25363
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
WebKitGTK WebKitGTK<2.36.8
CVE-2023-25361
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
WebKitGTK WebKitGTK<2.36.8
CVE-2023-25360
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
WebKitGTK WebKitGTK<2.36.8
CVE-2023-25358
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
debian/webkit2gtk<=2.36.4-1~deb10u1
debian/wpewebkit
ubuntu/webkit2gtk<2.38.6-0ubuntu0.20.04.1
ubuntu/webkit2gtk<2.38.6-0ubuntu0.22.04.1
ubuntu/webkit2gtk<2.38.6-0ubuntu0.22.10.1
WebKitGTK WebKitGTK<2.36.8
and 1 more
CVE-2022-32893
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS<15.6.1
Apple iPadOS<15.6.1
Apple macOS Monterey<12.5.1
Apple Safari<15.6.1
Apple Safari<15.6.1
and 13 more
CVE-2022-2294
Heap buffer overflow in WebRTC
Apple Safari<15.6
<12.5
Apple iOS<15.6
Apple iPadOS<15.6
Google Chrome<103.0.5060.114
WebRTC WebRTC
and 31 more
CVE-2022-30293
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
WebKitGTK WebKitGTK<=2.36.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/webkit2gtk
debian/wpewebkit
CVE-2021-45481
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnera...
WebKitGTK WebKitGTK<2.32.4
CVE-2021-45483
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.
WebKitGTK WebKitGTK<2.32.4
CVE-2021-45482
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.
WebKitGTK WebKitGTK<2.32.4
CVE-2021-42762
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not conf...
debian/webkit2gtk
debian/wpewebkit
WebKitGTK WebKitGTK<2.34.1
Wpewebkit Wpe Webkit<2.34.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 3 more
CVE-2021-21806
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. ...
WebKitGTK WebKitGTK=2.30.3
CVE-2021-21775
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak ...
WebKitGTK WebKitGTK=2.30.4
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=10.0
debian/webkit2gtk
debian/wpewebkit
CVE-2021-21779
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further ...
debian/webkit2gtk
debian/wpewebkit
WebKitGTK WebKitGTK=2.30.4
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=10.0
and 6 more
CVE-2020-13558
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
WebKitGTK WebKitGTK=2.30.1
CVE-2021-1765
WebKit. This issue was addressed with improved iframe sandbox enforcement.
Apple macOS Big Sur<11.2
Apple Catalina
Apple Mojave
Apple Mac OS X>=10.14<10.14.6
Apple Mac OS X>=10.15<10.15.7
Apple Mac OS X=10.14.6
and 19 more
CVE-2021-1789
Apple Multiple Products Type Confusion Vulnerability
Apple iOS<14.4
Apple iPadOS<14.4
Apple macOS Big Sur<11.2
Apple Catalina
Apple Mojave
Apple watchOS<7.3
and 29 more
CVE-2021-1799
WebRTC. A port redirection issue was addressed with additional port validation.
Apple Safari<14.0.3
Apple iOS<14.4
Apple iPhone OS<14.4
Apple macOS>=11.0.1<11.2
Apple tvOS<14.4
Apple watchOS<7.3
and 11 more
CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4...
Apple iOS<14.4
Apple iPadOS<14.4
Apple watchOS<7.3
Apple tvOS<14.4
Apple iOS<14.4
Apple iPhone OS<14.4
and 6 more
CVE-2021-1870
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple iOS<14.4
Apple iPadOS<14.4
Apple iOS<14.4
Apple iPhone OS<14.4
Apple Mac OS X>=10.15<10.15.7
Apple Mac OS X=10.15.7
and 7 more
CVE-2020-29623
WebKit Storage. "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion.
Apple tvOS<14.3
Apple iOS<14.3
Apple iPadOS<14.3
Apple macOS Big Sur<11.1
Apple Catalina
Apple Mojave
and 22 more
CVE-2020-13543
Webkit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebSocket functionality. By persuading a victim to visit a specially crafted W...
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
WebKitGTK WebKitGTK=2.30.0
CVE-2019-8720
WebKitGTK Memory Corruption Vulnerability
redhat/webkitgtk<2.26.0
WebKitGTK WebKitGTK<2.26.0
Wpewebkit Wpe Webkit<2.26.0
Redhat Codeready Linux Builder=8.0
Redhat Codeready Linux Builder Eus=8.4
and 37 more
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desk...
WebKitGTK WebKitGTK<2.28.3
Wpewebkit Wpe Webkit<2.28.3
Fedoraproject Fedora=31
Debian Debian Linux=10.0
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 7 more
CVE-2020-11793
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memor...
debian/webkit2gtk
debian/wpewebkit
WebKitGTK WebKitGTK<2.28.1
Wpewebkit Wpe Webkit<2.28.1
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 16 more
CVE-2020-10018
accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocuse...
WebKitGTK WebKitGTK<2.28.0
Wpewebkit Wpe Webkit<2.28.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=10.0
Canonical Ubuntu Linux=18.04
and 16 more
CVE-2013-7324
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...
WebKitGTK WebKitGTK>2.0.0<=2.26.4
CVE-2020-3867
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud...
redhat/webkitgtk<2.26.4
Apple tvOS<13.3.1
Apple iTunes for Windows<12.10.4
Apple iCloud for Windows<10.9.2
Apple iCloud for Windows<7.17
Apple iOS<13.3.1
and 11 more
CVE-2019-8674
WebKit Page Loading. A logic issue was addressed with improved state management.
Apple Safari<13
Apple iPhone OS<13.0
WebKitGTK WebKitGTK<2.26.4
redhat/webkitgtk<2.24.4
Apple Safari<13
Apple iOS<13
CVE-2019-11070
WebKitGTK and WPE WebKit failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue w...
WebKitGTK WebKitGTK<2.24.1
Wpewebkit Wpe Webkit<2.24.1
redhat/webkitgtk<2.24.1
ubuntu/webkit2gtk<2.24.1-0ubuntu0.18.04.1
ubuntu/webkit2gtk<2.24.1-0ubuntu0.18.10.2
ubuntu/webkit2gtk<2.24.1
and 1 more
CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, whic...
WebKitGTK WebKitGTK<=2.23.90
Apple macOS Big Sur<=2.22.6
openSUSE Leap=15.0
openSUSE Leap=42.3
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
and 4 more
CVE-2019-6251
embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer...
GNOME Epiphany<=3.31.4
WebKitGTK WebKitGTK<2.24.1
Wpewebkit Wpe Webkit<2.24.1
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 9 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203