CVSS: 7.5 EPSS: 1% CPEs: 3 EXPL: 1

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

A heap buffer overflow vulnerability was found in WebKitGTK. The vulnerability occurs when processing or rendering HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a heap buffer overflow error and leading to the execution of arbitrary code on the system.

• http://www.openwall.com/lists/oss-security/2022/05/30/1
• https://bugs.webkit.org/show_bug.cgi?id=237187
• https://github.com/ChijinZ/security_advisories/tree/master/webkitgtk-2.36.0
• https://security.gentoo.org/glsa/202208-39
• https://www.debian.org/security/2022/dsa-5154
• https://www.debian.org/security/2022/dsa-5155
• https://access.redhat.com/security/cve/CVE-2022-30293
• https://bugzilla.redhat.com/show_bug.cgi?id=2082548
• CWE-787: Out-of-bounds Write

CVSS: 6.5 EPSS: 0% CPEs: 1 EXPL: 1

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash.

• http://www.openwall.com/lists/oss-security/2022/01/21/2
• https://github.com/ChijinZ/security_advisories/tree/master/webkitgtk-2.32.3
• https://access.redhat.com/security/cve/CVE-2021-45481
• https://bugzilla.redhat.com/show_bug.cgi?id=2040327
• CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 EPSS: 0% CPEs: 1 EXPL: 1

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.

A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash.

• http://www.openwall.com/lists/oss-security/2022/01/21/2
• https://github.com/ChijinZ/security_advisories/tree/master/webkitgtk-2.32.3
• https://access.redhat.com/security/cve/CVE-2021-45482
• https://bugzilla.redhat.com/show_bug.cgi?id=2040329
• CWE-416: Use After Free

CVSS: 6.5 EPSS: 0% CPEs: 1 EXPL: 1

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.

A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash.

• http://www.openwall.com/lists/oss-security/2022/01/21/2
• https://github.com/ChijinZ/security_advisories/tree/master/webkitgtk-2.32.3
• https://access.redhat.com/security/cve/CVE-2021-45483
• https://bugzilla.redhat.com/show_bug.cgi?id=2040331
• CWE-416: Use After Free

CVSS: 5.3 EPSS: 0% CPEs: 7 EXPL: 1

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

• http://www.openwall.com/lists/oss-security/2021/10/26/9
• http://www.openwall.com/lists/oss-security/2021/10/27/1
• http://www.openwall.com/lists/oss-security/2021/10/27/2
• http://www.openwall.com/lists/oss-security/2021/10/27/4
• https://bugs.webkit.org/show_bug.cgi?id=231479
• https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD
• https:&