Main Vulnerability Database Vulnerabilities #VU33457

Input validation error in WebKitGTK+ - CVE-2017-2371

Published: February 20, 2017 / Updated: February 10, 2026

Vulnerability identifier: #VU33457

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2017-2371

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: WebKitGTK

Affected software:
WebKitGTK+

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.

How to mitigate CVE-2017-2371

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/95735
http://www.securitytracker.com/id/1037668
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207482
https://www.exploit-db.com/exploits/41451/

Input validation error in WebKitGTK+ - CVE-2017-2371

Detailed vulnerability description

How to mitigate CVE-2017-2371

Sources

Please verify you're human