ALT-PU-2023-8772-1 — libwebkitgtk4.1

BDU:2023-00677

HIGH8.8

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Published: 2023-02-13Modified: 2023-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-42826

BDU:2023-04538

HIGH8.8

Уязвимость модуля отображения веб-страниц WebKit операционной системы macOS, позволяющая нарушителю выполнить произвольный код

Published: 2023-08-09Modified: 2025-03-05

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2023-28198

BDU:2023-07654

MEDIUM5.3

Уязвимость модулей отображения веб-страниц WPE WebKit и WebKitGTK, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2023-11-11Modified: 2025-03-05

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2023-32370

CVE-2022-42826

HIGH8.8

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Published: 2023-02-27Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-28198

HIGH8.8

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Published: 2023-08-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-32370

MEDIUM5.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

Published: 2023-09-06Modified: 2024-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Package update libwebkitgtk4.1 in branch sisyphus

Closed issues (6)

Уязвимость модуля отображения веб-страниц WebKit операционной системы macOS, позволяющая нарушителю выполнить произвольный код

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.