CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentile: 81.6%
Severity: Critical
Date : 2017-01-18
CVE-ID : CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599
CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639
CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654
CVE-2016-7656
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-146
The package webkit2gtk before version 2.14.3-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Upgrade to 2.14.3-1.
The problems have been fixed upstream in version 2.14.3.
Workaround: None.
A validation issue was found in WebKitGTK+ < 2.14.3, leading to the
potential disclosure of user information while processing maliciously
crafted web content. The issue was fixed through improved state
management.
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to
potential arbitrary code execution while processing maliciously crafted
web content. The issue was fixed through improved state management.
An issue in the handling of JavaScript prompts was found in WebKitGTK+
< 2.14.3, leading to potential compromise of user information while
processing maliciously crafted web content. The issue was fixed through
improved state management.
An issue in the handling of HTTP redirects was found in WebKitGTK+ <
2.14.3, leading to potential disclosure of user information while
processing maliciously crafted web content. This issue was addressed
through improved cross origin validation.
An issue in the handling of blob URLs was found in WebKitGTK+ < 2.14.3,
leading to potential compromise of user information while processing
maliciously crafted web content. This issue was addressed through
improved URL handling.
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to
denial of service or arbitrary code execution while processing
maliciously crafted web content. This issue was addressed through
improved state management.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved memory
handling.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved state
management.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved state
management.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved state
management.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved memory
handling.
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3,
leading to arbitrary code execution while processing maliciously
crafted web content. These issues were addressed through improved state
management.
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to
arbitrary code execution while processing maliciously crafted web
content. This issue was addressed through improved state management.
A remote attacker can access sensitive information or execute arbitrary
code on the affected host via maliciously crafted web content.
https://webkitgtk.org/security/WSA-2017-0001.html
https://security.archlinux.org/CVE-2016-7586
https://security.archlinux.org/CVE-2016-7589
https://security.archlinux.org/CVE-2016-7592
https://security.archlinux.org/CVE-2016-7599
https://security.archlinux.org/CVE-2016-7623
https://security.archlinux.org/CVE-2016-7632
https://security.archlinux.org/CVE-2016-7635
https://security.archlinux.org/CVE-2016-7639
https://security.archlinux.org/CVE-2016-7641
https://security.archlinux.org/CVE-2016-7645
https://security.archlinux.org/CVE-2016-7652
https://security.archlinux.org/CVE-2016-7654
https://security.archlinux.org/CVE-2016-7656
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | webkit2gtk | < 2.14.3-1 | UNKNOWN |