NewStart CGSL MAIN 7.02 : webkitgtk Multiple Vulnerabilities (NS-SA-2025-0160)

The remote NewStart CGSL host, running version MAIN 7.02, has webkitgtk packages installed that are affected by multiple vulnerabilities: - The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7....

webkitgtk: logic issue leading to user information disclosure

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows an attacker to process maliciously crafted web content that may disclose sensitive user information...

webkitgtk: Out-of-bounds read leading to memory disclosure

An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed...

webkitgtk: Use-after-free leading to arbitrary code execution

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker can execute arbitrary co...

webkitgtk: Logic issue leading to Content Security Policy bypass

A logic issue was found in WebKitGTK. A specially crafted web content could use this flaw to bypass Content Security Policy bypass when processed...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a type confusion issue due to improper state handling and result in an unexpected crash...

webkitgtk: use after free issue may lead to arbitrary code execution

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

webkitgtk: Information leak via Content Security Policy reports

An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects...

webkitgtk: CSS compositing issue leading to revealing of the browsing history

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...

webkitgtk: Processing web content may lead to a denial-of-service

A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to memory corruption

A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling...

webkitgtk: A malicious website may exfiltrate data cross-origin

A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a NULL pointer dereference due to improper checks, resulting in an unexpected process crash...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in an unexpected crash...

webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents

A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering...

webkitgtk: input validation issue may lead to a cross site scripting

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack...

webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl

A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside...

webkitgtk: IFrame sandboxing policy violation

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...

webkitgtk: Use-after-free leading to arbitrary code execution

A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...