MidnightBSD

Advisories for wpewebkit

CVE-2018-12293 MEDIUM

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
wpewebkit wpe_webkit *
webkitgtk webkitgtk+ *
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
CVE-2019-11070 MEDIUM

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
wpewebkit wpe_webkit *
webkitgtk webkitgtk *
CVE-2019-6251 MEDIUM

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 15.0
wpewebkit wpe_webkit *
opensuse leap 42.3
fedoraproject fedora 28
fedoraproject fedora 29
canonical ubuntu_linux 18.04
fedoraproject fedora 30
webkitgtk webkitgtk *
gnome epiphany *
canonical ubuntu_linux 18.10
CVE-2019-8720

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat codeready_linux_builder_for_power_little_endian_eus 8.0
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.6
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat codeready_linux_builder_eus 8.6
redhat enterprise_linux_for_arm64 8.0
redhat codeready_linux_builder_for_arm64_eus 8.4
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
redhat codeready_linux_builder_for_arm64_eus 8.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_arm64_eus 8.4
wpewebkit wpe_webkit *
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat codeready_linux_builder_for_power_little_endian_eus 8.6
redhat codeready_linux_builder_for_arm64_eus 8.6
redhat enterprise_linux 8.0
redhat codeready_linux_builder_for_power_little_endian_eus 8.4
redhat enterprise_linux_workstation 7.0
redhat codeready_linux_builder 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat codeready_linux_builder_eus 8.4
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
webkitgtk webkitgtk *
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_for_arm64_eus 8.6
CVE-2020-10018 HIGH

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.10
wpewebkit wpe_webkit *
debian debian_linux 10.0
canonical ubuntu_linux 18.04
fedoraproject fedora 30
webkitgtk webkitgtk *
opensuse leap 15.1
fedoraproject fedora 31
CVE-2020-11793 MEDIUM

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.10
wpewebkit wpe_webkit *
canonical ubuntu_linux 18.04
fedoraproject fedora 30
webkitgtk webkitgtk *
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-13753 HIGH

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.10
wpewebkit wpe_webkit *
debian debian_linux 10.0
canonical ubuntu_linux 18.04
webkitgtk webkitgtk *
opensuse leap 15.1
fedoraproject fedora 31
canonical ubuntu_linux 20.04
CVE-2021-42762 MEDIUM

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 34
fedoraproject fedora 33
wpewebkit wpe_webkit *
debian debian_linux 10.0
debian debian_linux 11.0
webkitgtk webkitgtk *
fedoraproject fedora 35
CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Products Affected

Vendor Product Version
apple macos *
fedoraproject fedora 36
wpewebkit wpe_webkit *
fedoraproject extra_packages_for_enterprise_linux 8.0
apple iphone_os *
apple watchos *
apple mac_os_x 10.15.7
webrtc_project webrtc -
google chrome *
apple mac_os_x *
apple tvos *
apple ipados *
webkitgtk webkitgtk *
fedoraproject fedora 35
CVE-2022-32893

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apple macos *
fedoraproject fedora 36
wpewebkit wpe_webkit *
debian debian_linux 10.0
apple iphone_os *
debian debian_linux 11.0
apple safari *
apple ipados *
webkitgtk webkitgtk *
fedoraproject fedora 35
CVE-2023-28198

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple iphone_os *
apple ipados *
webkitgtk webkitgtk *
CVE-2023-32370

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
webkitgtk webkitgtk *
CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
webkitgtk webkitgtk *
CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

Products Affected

Vendor Product Version
wpewebkit wpe_webkit *
apple macos 14.0
fedoraproject fedora 40
apple ipad_os *
apple iphone_os *
apple safari *
webkitgtk webkitgtk *
CVE-2024-23254

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple tvos *
fedoraproject fedora 40
apple ipad_os *
apple iphone_os *
apple safari *
webkitgtk webkitgtk *
apple watchos *
apple visionos *
CVE-2024-23263

A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
fedoraproject fedora 40
apple iphone_os *
apple safari *
apple watchos *
fedoraproject fedora 38
apple visionos *
apple tvos *
fedoraproject fedora 39
apple ipados *
webkitgtk webkitgtk *
CVE-2024-23280

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple tvos *
fedoraproject fedora 40
apple ipad_os *
apple iphone_os *
apple safari *
fedoraproject fedora 39
webkitgtk webkitgtk *
apple watchos *
fedoraproject fedora 38
CVE-2024-23284

A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
fedoraproject fedora 40
apple iphone_os *
apple safari *
apple watchos *
fedoraproject fedora 38
apple visionos *
apple tvos *
fedoraproject fedora 39
apple ipados *
webkitgtk webkitgtk *
CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple tvos *
fedoraproject fedora 40
apple iphone_os *
apple safari *
fedoraproject fedora 39
apple ipados *
webkitgtk webkitgtk *
apple watchos *
CVE-2025-43342

A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple tvos *
apple iphone_os *
apple safari *
apple ipados *
webkitgtk webkitgtk *
apple watchos *
apple visionos *
CVE-2025-43343

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apple macos *
wpewebkit wpe_webkit *
apple tvos *
apple iphone_os *
apple safari *
apple ipados *
webkitgtk webkitgtk *
apple watchos *
apple visionos *
CVE-2025-6558

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apple macos *
google chrome *
wpewebkit wpe_webkit *
apple iphone_os *
debian debian_linux 11.0
apple safari *
apple ipados *
webkitgtk webkitgtk *
apple watchos *
apple visionos *