webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

DEBIAN-CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

PT-2025-48026

Name of the Vulnerable Software and Affected Versions WebKitGTK and WPE WebKit affected versions not specified Description A security issue exists in WebKitGTK and WPE WebKit that allows for an out-of-bounds read and integer underflow. Successful exploitation of this issue can lead to a...

Linux Distros Unpatched Vulnerability : CVE-2017-1000121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process t...

Linux Distros Unpatched Vulnerability : CVE-2019-8375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog siz...

CVE-2017-1000121

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products...

Buffer Overflow

epiphany-browser is vulnerable to buffer overflow. The vulnerability exists due to a lack of validation of the number of bytes for a UTF-8 ellipsis character in ephystringshorten in the UI process via a long page title...

CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered...

CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered...

UBUNTU-CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered...

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1211-1)

This update for webkit2gtk3 fixes the following issues : Security issue fixed : CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution bsc1170643. Non-security issues fixed : Update to version 2.28.2 bsc1170643 : + Fix excessive CPU usage due to GdkFrameClock...

openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2020:0646-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : webkit2gtk3 (openSUSE-2020-646)

This update for webkit2gtk3 fixes the following issues : Security issue fixed : - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution bsc1170643. Non-security issues fixed : - Update to version 2.28.2 bsc1170643 : + Fix excessive CPU usage due to...

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1198-1)

This update for webkit2gtk3 fixes the following issues : Security issue fixed : CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution bsc1170643. Non-security issues fixed : Update to version 2.28.2 bsc1170643 : + Fix excessive CPU usage due to GdkFrameClock...

SUSE-SU-2020:1211-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution bsc1170643. Non-security issues fixed: - Update to version 2.28.2 bsc1170643: + Fix excessive CPU usage due to GdkFrameClock...

Fedora 31 : webkit2gtk3 (2020-7f34d2cfd8)

Update to 2.28.2 : - Fix excessive CPU usage due to GdkFrameClock not being stopped. - Fix UI process crash when EGLWLbindwaylanddisplay extension is not available. - Fix position of select popup menus in X11. - Fix playing of Youtube live stream/H264 URLs. - Fix several crashes and rendering...

SUSE-SU-2020:1198-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution bsc1170643. Non-security issues fixed: - Update to version 2.28.2 bsc1170643: + Fix excessive CPU usage due to GdkFrameClock...

Fedora 30 : webkit2gtk3 (2020-bd170e803f)

Update to 2.28.2 : - Fix excessive CPU usage due to GdkFrameClock not being stopped. - Fix UI process crash when EGLWLbindwaylanddisplay extension is not available. - Fix position of select popup menus in X11. - Fix playing of Youtube live stream/H264 URLs. - Fix several crashes and rendering...

The vulnerability in the UIProcess subsystem of the rendering module in WebKitGTK+ and WebKitGTK allows a attacker to cause a service failure or affect the confidentiality and integrity of the protected information.

The vulnerability of the UIProcess subsystem in display modules of WebKitGTK+ and WebKitGTK arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or compromise the confidentiality and integrity of...