CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: Critical
Date : 2022-07-29
CVE-ID : CVE-2022-32792 CVE-2022-32816
Package : webkit2gtk-4.1
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2791
Summary : The package webkit2gtk-4.1 before version 2.36.5-1 is vulnerable to
multiple issues including arbitrary code execution and content
spoofing.
Resolution : Upgrade to 2.36.5-1.
The problems have been fixed upstream in version 2.36.5.
Workaround : None.
Description : Processing maliciously crafted web content may lead to arbitrary code
execution.
Visiting a website that frames malicious content may lead to UI
spoofing.
Impact : An attacker is able to remotely execute arbitrary code on an affected
host and spoof a website’s content by using maliciously crafted web
content.
https://webkitgtk.org/security/WSA-2022-0007.html
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816
https://security.archlinux.org/CVE-2022-32792
https://security.archlinux.org/CVE-2022-32816
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | webkit2gtk-4.1 | < 2.36.5-1 | UNKNOWN |
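
To check a host against the fixed version named in this advisory, the following added example (not part of the original advisory or of Arch's own tooling) reads `pacman -Q` style lines and reports whether webkit2gtk-4.1 is older than 2.36.5-1. The function names and the sample inventory are constructed for illustration; `vercmp` ships with pacman, and the `sort -V` fallback is an approximation that ignores epochs.

```shell
#!/bin/sh
# Added example: flag webkit2gtk-4.1 installs older than the advisory's fix.
PKG="webkit2gtk-4.1"   # affected package (from the advisory)
FIXED="2.36.5-1"       # first fixed version (from the advisory)

# ver_lt A B: succeed when version A sorts strictly before version B.
# Prefers pacman's vercmp; otherwise falls back to GNU sort -V, which is
# an approximation (it does not understand pacman epochs).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# check_inventory: read "name version" lines (pacman -Q format) on stdin
# and print one status line for the affected package. The name must match
# exactly: webkit2gtk (API 4.0) is a separate package from webkit2gtk-4.1.
check_inventory() {
    found=0
    while read -r name ver; do
        [ "$name" = "$PKG" ] || continue
        found=1
        if ver_lt "$ver" "$FIXED"; then
            echo "VULNERABLE $name $ver (< $FIXED)"
        else
            echo "OK $name $ver"
        fi
    done
    [ "$found" -eq 1 ] || echo "NOT-INSTALLED $PKG"
}

# Constructed sample inventory (pacman -Q style), not real host data.
SAMPLE='glib2 2.72.3-1
webkit2gtk-4.1 2.36.4-1
webkit2gtk 2.36.5-1'
printf '%s\n' "$SAMPLE" | check_inventory
```

On a real Arch host, feed it live data with `pacman -Q | check_inventory`.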