Gentoo update for WebKitGTK+
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 29 |
| CVE-ID | CVE-2022-32885 CVE-2022-32886 CVE-2022-32888 CVE-2022-32891 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-42826 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-23529 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 |
| CWE-ID | CWE-119 CWE-787 CWE-451 CWE-200 CWE-843 CWE-416 CWE-125 CWE-254 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #11 is being exploited in the wild. Vulnerability #21 is being exploited in the wild. Vulnerability #29 is being exploited in the wild. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system net-libs/webkit-gtk Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 29 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU73806
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-32885
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Buffer overflow
EUVDB-ID: #VU67199
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-32886
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Out-of-bounds write
EUVDB-ID: #VU68680
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-32888
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Spoofing attack
EUVDB-ID: #VU67197
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32891
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of frames on the webpage within WebKit. A remote attacker can spoof page content.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Information disclosure
EUVDB-ID: #VU68810
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32923
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in WebKit due to an error in the JIT implementation. A remote attacker can trick the victim to visit a malicious website and disclose internal states of the application.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Spoofing attack
EUVDB-ID: #VU68625
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-42799
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can trick the victim to visit a specially crafted website and spoof user interface.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Type Confusion
EUVDB-ID: #VU68626
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-42823
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Information disclosure
EUVDB-ID: #VU68627
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-42824
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and gain access to potentially sensitive information.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Use-after-free
EUVDB-ID: #VU70518
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-42826
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Out-of-bounds read
EUVDB-ID: #VU70238
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-42852
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Type Confusion
EUVDB-ID: #VU70195
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2022-42856
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Buffer overflow
EUVDB-ID: #VU70242
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-42863
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Buffer overflow
EUVDB-ID: #VU70234
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-42867
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Buffer overflow
EUVDB-ID: #VU70235
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-46691
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Security features bypass
EUVDB-ID: #VU70236
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-46692
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and bypass Same Origin Policy.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Information disclosure
EUVDB-ID: #VU70243
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-46698
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in WebKit. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Buffer overflow
EUVDB-ID: #VU70241
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-46699
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Buffer overflow
EUVDB-ID: #VU70240
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-46700
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Buffer overflow
EUVDB-ID: #VU71437
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-23517
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Buffer overflow
EUVDB-ID: #VU71436
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-23518
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Type Confusion
EUVDB-ID: #VU72161
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2023-23529
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when parsing web content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Use-after-free
EUVDB-ID: #VU75417
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25358
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebCore::RenderLayer::addChild. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Use-after-free
EUVDB-ID: #VU75416
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25360
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebCore::RenderLayer::renderer. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
24) Use-after-free
EUVDB-ID: #VU75415
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25361
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebCore::RenderLayer::setNextSibling. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
25) Use-after-free
EUVDB-ID: #VU75414
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25362
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebCore::RenderLayer::repaintBlockSelectionGaps. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
26) Use-after-free
EUVDB-ID: #VU75413
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-25363
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebCore::RenderLayer::updateDescendantDependentFlags. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
27) Security features bypass
EUVDB-ID: #VU74085
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-27932
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass Same Origin Policy restrictions.
The vulnerability exists due to improper state management. A remote attacker can trick the victim to visit a specially crafted website and bypass Same Origin Policy restrictions.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
28) Information disclosure
EUVDB-ID: #VU74086
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-27954
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
29) Use-after-free
EUVDB-ID: #VU74604
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2023-28205
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
net-libs/webkit-gtk to version: 2.40.1
Gentoo Linux: All versions
net-libs/webkit-gtk: before 2.40.1
Fixed software versionsCPE2.3 External links
http://security.gentoo.org/glsa/202305-32
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
