webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create

A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash...

webkitgtk: limited sandbox escape via VFS syscalls

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper bounds checking, which can lead to an out-of-bounds read vulnerability. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A use after free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A buffer overflow vulnerability was found in webkitgtk. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash or lead to arbitrary code execution...

webkitgtk: Information leak via Content Security Policy reports

An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects...

webkitgtk: Logic issue leading to Content Security Policy bypass

A logic issue was found in WebKitGTK. A specially crafted web content could use this flaw to bypass Content Security Policy bypass when processed...

webkitgtk: CSS compositing issue leading to revealing of the browsing history

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...

webkitgtk: Logic issue leading to HSTS bypass

A logic issue was found in WebKitGTK. An attacker in a privileged network position could use this flaw to bypass HSTS...

webkitgtk: Use-after-free leading to arbitrary code execution

A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed...

webkitgtk: Insufficient checks leading to arbitrary code execution

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

webkitgtk: Use-after-free leading to arbitrary code execution

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Memory corruption leading to arbitrary code execution

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this...

webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...

webkitgtk: Buffer overflow leading to arbitrary code execution

A flaw was found in the webkitgtk package. Affected versions of this package are vulnerable to a buffer overflow caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrar...

webkitgtk: Memory corruption leading to arbitrary code execution

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a memory corruption issue in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a...

webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...

webkitgtk: Memory corruption issue leading to arbitrary code execution

A memory corruption issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

webkitgtk: Logic issue leading to universal cross site scripting attack

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting...

webkitgtk: IFrame sandboxing policy violation

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...