CVE-2018-11646
First published: Fri Jun 01 2018(Updated: )
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WebKitGTK+ | <=2.21.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11646?
CVE-2018-11646 is classified as a high severity vulnerability due to its potential to cause application crashes.
How do I fix CVE-2018-11646?
To fix CVE-2018-11646, update to a version of WebKitGTK+ later than 2.21.3 where the vulnerability has been addressed.
What causes the application crash in CVE-2018-11646?
The application crash in CVE-2018-11646 is caused by mishandling an unset pageURL in specific WebKit functions.
Which versions of WebKitGTK+ are affected by CVE-2018-11646?
WebKitGTK+ versions up to and including 2.21.3 are affected by CVE-2018-11646.
Is CVE-2018-11646 a remotely exploitable vulnerability?
CVE-2018-11646 is not classified as a remotely exploitable vulnerability as it requires specific conditions to trigger the crash.
- agent/type
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/webkitgtk
- canonical/webkitgtk+
- version/webkitgtk+/2.21.3