AVG-2703 log

Package webkit2gtk
Status Fixed
Severity High
Type multiple issues
Affected 2.34.6-1
Fixed 2.34.7-1
Current 2.38.2-1 [extra]
Ticket None
Created Tue May 10 00:13:34 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-22637 High Yes Unknown
A logic issue was addressed with improved state management. A malicious website may cause unexpected cross-origin behavior.
CVE-2022-22629 High Yes Arbitrary code execution
A buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22628 High Yes Arbitrary code execution
A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22624 High Yes Arbitrary code execution
A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution.
References
https://webkitgtk.org/security/WSA-2022-0004.html
Notes
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.