CVE-2020-13558
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
Public Exploits: 1
Exploited in Wild: -
Descriptions
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK version 2.30.1. A specially crafted web page can lead to a use of previously freed memory.
A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
SSVC
- Decision: -
Timeline
- 2020-05-26 CVE Reserved
- 2021-02-18 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
References (4)
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1172 | 2024-08-04 | |
https://security.gentoo.org/glsa/202104-03 | 2022-07-30 | |
https://access.redhat.com/security/cve/CVE-2020-13558 | 2021-11-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1928886 | 2021-11-09 | |