webkit2gtk

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description GTK+ Web content engine library
Version 2.26.1-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1033 2.24.3-1 2.24.4-1 Critical Fixed
AVG-967 2.24.1-1 2.24.2-1 Critical Fixed
AVG-942 2.19.92-1 2.20.0-1 Critical Fixed
AVG-899 2.22.5-1 2.22.6-1 Critical Fixed
AVG-834 2.22.4-1 2.22.5-1 Critical Fixed
AVG-819 2.22.3-1 2.22.4-1 Critical Fixed
AVG-692 2.20.1-1 2.20.2-1 Critical Fixed
AVG-362 2.16.5-1 2.16.6-1 Critical Fixed
AVG-235 2.14.5-1 2.16.1-1 Critical Fixed
AVG-170 2.14.3-1 2.14.4-1 Critical Fixed
AVG-146 2.14.2-2 2.14.3-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2019-8688 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8684 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8683 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8680 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8678 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8669 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8658 AVG-1033 High Yes Cross-site scripting
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8649 AVG-1033 High Yes Cross-site scripting
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-8644 AVG-1033 Critical Yes Arbitrary code execution
An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8615 AVG-967 Critical Yes Arbitrary code execution
Multiple memory corruption issues have been found in WebKitGTK before 2.24.2, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8607 AVG-967 High Yes Information disclosure
An out-of-bounds read has been found in WebKitGTK before 2.24.2, where processing maliciously crafted web content may result in the disclosure of process memory.
CVE-2019-8595 AVG-967 Critical Yes Arbitrary code execution
Multiple memory corruption issues have been found in WebKitGTK before 2.24.2, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6215 AVG-899 Critical Yes Arbitrary code execution
A type confusion issue has been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6212 AVG-899 Critical Yes Arbitrary code execution
Multiple memory corruption issues have been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4437 AVG-834 Critical Yes Arbitrary code execution
Multiple memory corruption issues have been found in WebKitGTK+ before 2.22.5, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4372 AVG-819 Critical Yes Arbitrary code execution
Multiple memory corruption issues have been found in WebKitGTK+ versions prior to 2.22.4, possibly leading to arbitrary code execution while parsing crafted...
CVE-2018-4200 AVG-692 Critical Yes Arbitrary code execution
A memory corruption issue has been found in webkitgtk < 2.20.2, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2018-4113 AVG-942 Low Yes Denial of service
A security issue has been found in the handling of a function in JavaScriptCore of WebKitGTK+ < 2.20.0, where an unexpected interaction with indexing types...
CVE-2018-4101 AVG-942 Critical Yes Arbitrary code execution
A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2017-7064 AVG-362 Medium No Information disclosure
An information disclosure issue has been found in WebKitGTK+ <= 2.16.5, where an application may be able to read restricted memory.
CVE-2017-7061 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7056 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7055 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7048 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7046 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7039 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7037 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7034 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7030 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-7018 AVG-362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ <= 2.16.5, leading to arbitrary code execution when processing maliciously crafted web contents.
CVE-2017-2481 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2476 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2475 AVG-235 Medium Yes Cross-site scripting
An issue has been found in WebKit, allowing remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
CVE-2017-2471 AVG-235 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in WebKit, allowing remote attackers to execute arbitrary code via a crafted web site.
CVE-2017-2470 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2469 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2468 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2466 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2465 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2464 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2460 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2459 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2457 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2455 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2454 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2447 AVG-235 High Yes Information disclosure
An issue has been found in WebKit, allowing remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
CVE-2017-2446 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode...
CVE-2017-2445 AVG-235 High Yes Cross-site scripting
An issue has been found in WebKit, allowing remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.
CVE-2017-2442 AVG-235 High Yes Same-origin policy bypass
An issue has been found in WebKit, involving the “WebKit JavaScript Bindings” component. It allows remote attackers to bypass the Same Origin Policy and...
CVE-2017-2433 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2419 AVG-235 High Yes Access restriction bypass
An issue has been found in WebKit, allowing remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
CVE-2017-2415 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code by leveraging an unspecified “type confusion.”.
CVE-2017-2405 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory...
CVE-2017-2396 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2395 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2394 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2392 AVG-235 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2386 AVG-235 High Yes Same-origin policy bypass
An issue has been found in WebKit, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-2377 AVG-235 Medium Yes Denial of service
This issue involves the “WebKit Web Inspector” component. It allows attackers to cause a denial of service (memory corruption and application crash) by...
CVE-2017-2376 AVG-235 High Yes Content spoofing
An issue has been found in WebKit, allowing remote attackers to spoof the address bar by leveraging text input during the loading of a page.
CVE-2017-2373 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2371 AVG-170 Medium Yes Access restriction bypass
An issue has been found in the handling of blocking popups in WebKitGTK+ before 2.14.4, allowing a malicious website to open popups.
CVE-2017-2369 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2367 AVG-235 High Yes Same-origin policy bypass
An issue has been found in WebKit, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-2366 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2365 AVG-170 Medium Yes Information disclosure
A validation issue has been found in variable handling in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while processing maliciously...
CVE-2017-2364 AVG-170 Medium Yes Information disclosure
Multiple validation issues have been found in the handling of page loading in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while...
CVE-2017-2363 AVG-170 Medium Yes Information disclosure
Multiple validation issues have been found in the handling of page loading in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while...
CVE-2017-2362 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2356 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2355 AVG-170 Critical Yes Arbitrary code execution
A memory initialization issue has been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2354 AVG-170 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2350 AVG-170 Medium Yes Information disclosure
A security issue has been found in WebKitGTK+ before 2.14.4, where processing maliciously crafted web content may exfiltrate data cross- origin.
CVE-2016-9643 AVG-235 Medium Yes Denial of service
The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($...
CVE-2016-9642 AVG-235 Medium Yes Denial of service
JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.
CVE-2016-7656 AVG-146 Critical Yes Arbitrary code execution
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content. This issue...
CVE-2016-7654 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7652 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7645 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7641 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7639 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7635 AVG-146 Critical Yes Arbitrary code execution
Multiple memory corruption issues were found in WebKitGTK+ < 2.14.3, leading to arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7632 AVG-146 Critical Yes Arbitrary code execution
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to denial of service or arbitrary code execution while processing maliciously crafted...
CVE-2016-7623 AVG-146 Medium Yes Information disclosure
An issue in the handling of blob URLs was found in WebKitGTK+ < 2.14.3, leading to potential compromise of user information while processing maliciously...
CVE-2016-7599 AVG-146 Medium Yes Information disclosure
An issue in the handling of HTTP redirects was found in WebKitGTK+ < 2.14.3, leading to potential disclosure of user information while processing...
CVE-2016-7592 AVG-146 Medium Yes Information disclosure
An issue in the handling of JavaScript prompts was found in WebKitGTK+ < 2.14.3, leading to potential compromise of user information while processing...
CVE-2016-7589 AVG-146 Critical Yes Arbitrary code execution
A memory corruption issue was found in WebKitGTK+ < 2.14.3, leading to potential arbitrary code execution while processing maliciously crafted web content....
CVE-2016-7586 AVG-146 Medium Yes Information disclosure
A validation issue was found in WebKitGTK+ < 2.14.3, leading to the potential disclosure of user information while processing maliciously crafted web...

Advisories

Date Advisory Group Severity Description
04 Sep 2019 ASA-201909-1 AVG-1033 Critical multiple issues
28 May 2019 ASA-201905-10 AVG-967 Critical multiple issues
15 Feb 2019 ASA-201902-17 AVG-899 Critical arbitrary code execution
14 Dec 2018 ASA-201812-10 AVG-834 Critical arbitrary code execution
22 Nov 2018 ASA-201811-20 AVG-819 Critical arbitrary code execution
13 May 2018 ASA-201805-9 AVG-692 Critical arbitrary code execution
26 Jul 2017 ASA-201707-25 AVG-362 Critical multiple issues
28 Apr 2017 ASA-201704-9 AVG-235 Critical multiple issues
11 Feb 2017 ASA-201702-9 AVG-170 Critical multiple issues
18 Jan 2017 ASA-201701-27 AVG-146 Critical multiple issues