Debian dla-4218 : gir1.2-javascriptcoregtk-4.0 - security update

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

Security update for Debian 11 addressing multiple vulnerabilities in WebKitGTK web engine

Reporter	Title	Published	Views	Family All 903
GithubExploit	Exploit for Out-of-bounds Write in Apple Safari	11 Jul 202514:01	–	githubexploit
GithubExploit	Exploit for Use After Free in Apple Ipados	23 Aug 202505:08	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Apple Safari	30 Aug 202502:21	–	githubexploit
IBM Security Bulletins	Security Bulletin: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions., affect watsonx.data	30 Jun 202510:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by multiple critical security vulnerabilities	29 May 202508:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	22 May 202509:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management	25 Jun 202520:04	–	ibm
ATTACKERKB	CVE-2025-24201	11 Mar 202500:00	–	attackerkb
Tenable Nessus	Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-2869 (ALAS-2025-2869)	29 May 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : webkitgtk4 (ALAS-2025-2925)	10 Jul 202500:00	–	nessus

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/source-package/webkit2gtk
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-44192
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-54467
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-54551
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24201
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24208
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24209
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24213
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24216
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-24223

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4218. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(240076);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/16");

  script_cve_id(
    "CVE-2024-44192",
    "CVE-2024-54467",
    "CVE-2024-54551",
    "CVE-2025-24201",
    "CVE-2025-24208",
    "CVE-2025-24209",
    "CVE-2025-24213",
    "CVE-2025-24216",
    "CVE-2025-24223",
    "CVE-2025-24264",
    "CVE-2025-30427",
    "CVE-2025-31204",
    "CVE-2025-31205",
    "CVE-2025-31206",
    "CVE-2025-31215",
    "CVE-2025-31257"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/04/03");

  script_name(english:"Debian dla-4218 : gir1.2-javascriptcoregtk-4.0 - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4218 advisory.

    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-4218-1                [email protected]
    https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
    June 16, 2025                                 https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : webkit2gtk
    Version        : 2.48.3-1~deb11u1
    CVE ID         : CVE-2024-44192 CVE-2024-54467 CVE-2024-54551 CVE-2025-24201
                     CVE-2025-24208 CVE-2025-24209 CVE-2025-24213 CVE-2025-24216
                     CVE-2025-24223 CVE-2025-24264 CVE-2025-30427 CVE-2025-31204
                     CVE-2025-31205 CVE-2025-31206 CVE-2025-31215 CVE-2025-31257

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2024-44192

        Tashita Software Security discovered that processing maliciously
        crafted web content may lead to an unexpected process crash.

    CVE-2024-54467

        Narendra Bhati discovered that a malicious website may exfiltrate
        data cross-origin.

    CVE-2024-54551

        ajajfxhj discovered that processing web content may lead to a
        denial-of-service.

    CVE-2025-24201

        Apple discovered that maliciously crafted web content may be able
        to break out of Web Content sandbox.

    CVE-2025-24208

        Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading
        a malicious iframe may lead to a cross-site scripting attack.

    CVE-2025-24209

        Francisco Alonso and an anonymous researcher discovered that
        processing maliciously crafted web content may lead to an
        unexpected process crash.

    CVE-2025-24213

        The Google V8 Security Team discovered that a type confusion issue
        could lead to memory corruption. Note that this CVE is fixed only
        on ARM architectures.  x86_64 is not vulnerable, x86 is not
        vulnerable when the SSE2 instruction set is enabled; but other
        architectures remain vulnerable.

    CVE-2025-24216

        Paul Bakker discovered that processing maliciously crafted web
        content may lead to an unexpected Safari crash.

    CVE-2025-24223

        rheza and an anonymous researcher discovered that processing
        maliciously crafted web content may lead to memory corruption.

    CVE-2025-24264

        Gary Kwong and an anonymous researcher discovered that processing
        maliciously crafted web content may lead to an unexpected crash.

    CVE-2025-30427

        rheza discovered that processing maliciously crafted web content
        may lead to an unexpected crash.

    CVE-2025-31204

        Nan Wang discovered that processing maliciously crafted web
        content may lead to memory corruption.

    CVE-2025-31205

        Ivan Fratric discovered that a malicious website may exfiltrate
        data cross-origin.

    CVE-2025-31206

        An anonymous researcher discovered that processing maliciously
        crafted web content may lead to an unexpected process crash.

    CVE-2025-31215

        Jiming Wang and Jikai Ren discovered that processing maliciously
        crafted web content may lead to an unexpected process crash.

    CVE-2025-31257

        Juergen Schmied discovered that processing maliciously crafted web
        content may lead to an unexpected process crash.

    For Debian 11 bullseye, these problems have been fixed in version
    2.48.3-1~deb11u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/webkit2gtk");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-44192");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-54467");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-54551");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24201");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24208");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24209");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24213");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24216");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24223");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-24264");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-30427");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-31204");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-31205");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-31206");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-31215");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-31257");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/webkit2gtk");
  script_set_attribute(attribute:"solution", value:
"Upgrade the gir1.2-javascriptcoregtk-4.0 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-24201");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webkit2gtk-driver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.48.3-1~deb11u1'},
    {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.48.3-1~deb11u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');
}

16 Jun 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.110

EPSS0.01121

SSVC