Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009

From: Carlos Alberto Lopez Perez <clopez igalia com>
To: webkit-gtk lists webkit org, webkit-wpe lists webkit org
Cc: security webkit org, distributor-list gnome org, oss-security lists openwall com, bugtraq securityfocus com
Subject: Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009
Date: Tue, 20 Sep 2022 14:19:08 +0200


On 19/09/2022 14:44, Carlos Alberto Lopez Perez wrote:

CVE-2022-32912
    Versions affected: WebKitGTK and WPE WebKit before 2.36.8.
    Credit to Jeonghoon Shin (@singi21a) at Theori working with Trend
    Micro Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An out-of-bounds read was
    addressed with improved bounds checking.


Just an update about this CVE: This issue doesn't affect Linux builds.
Only MacOS builds are affected by this.

References:
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009
  - From: Carlos Alberto Lopez Perez

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]