What is CVE-2018-12911?

CVE-2018-12911 is a vulnerability in WebKitGTK+ 2.20.3 that allows an off-by-one error and an out-of-bounds write in the get_simple_globs functions.

How severe is CVE-2018-12911?

CVE-2018-12911 has a severity rating of 9.8 (critical).

Which software versions are affected by CVE-2018-12911?

WebKitGTK+ versions 2.20.3, 2.20.4, and 2.36.4-2.42.1 are affected by CVE-2018-12911.

What is the recommended remedy for CVE-2018-12911?

Upgrade to WebKitGTK+ version 2.20.5-0ubuntu0.18.04.1 for Ubuntu or apply the relevant updates provided by your Linux distribution or vendor.

Where can I find more information about CVE-2018-12911?

You can find more information about CVE-2018-12911 at the following references: [CVE-2018-12911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12911), [WSA-2018-0006](https://webkitgtk.org/security/WSA-2018-0006.html), [USN-3743-1](https://ubuntu.com/security/notices/USN-3743-1).

Vulnerability/
CVE-2018-12911

critical

9.8

CWE

787

19/7/2018

18/9/2018

CVE-2018-12911

First published: Thu Jul 19 2018(Updated: )

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/webkit2gtk	<2.20.5-0ubuntu0.18.04.1	2.20.5-0ubuntu0.18.04.1
ubuntu/webkit2gtk	<2.20.4	2.20.4
ubuntu/webkit2gtk	<2.20.5-0ubuntu0.16.04.1	2.20.5-0ubuntu0.16.04.1
Webkitgtk Webkitgtk\+	=2.20.3
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
debian/webkit2gtk		2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.42.2-1~deb11u1 2.44.1-1~deb11u1 2.42.2-1~deb12u1 2.44.1-1~deb12u1 2.44.1-1 2.44.2-1

Remedy

https://trac.webkit.org/changeset/233404/webkit

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3743-1

Frequently Asked Questions

What is CVE-2018-12911?
CVE-2018-12911 is a vulnerability in WebKitGTK+ 2.20.3 that allows an off-by-one error and an out-of-bounds write in the get_simple_globs functions.
How severe is CVE-2018-12911?
CVE-2018-12911 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2018-12911?
WebKitGTK+ versions 2.20.3, 2.20.4, and 2.36.4-2.42.1 are affected by CVE-2018-12911.
What is the recommended remedy for CVE-2018-12911?
Upgrade to WebKitGTK+ version 2.20.5-0ubuntu0.18.04.1 for Ubuntu or apply the relevant updates provided by your Linux distribution or vendor.
Where can I find more information about CVE-2018-12911?
You can find more information about CVE-2018-12911 at the following references: [CVE-2018-12911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12911), [WSA-2018-0006](https://webkitgtk.org/security/WSA-2018-0006.html), [USN-3743-1](https://ubuntu.com/security/notices/USN-3743-1).

agent/author
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/severity
agent/weakness
agent/last-modified-date
agent/description
agent/event
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/ubuntu
package-manager/debian
vendor/webkitgtk
canonical/webkitgtk webkitgtk\+
version/webkitgtk webkitgtk\+/2.20.3
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04