webkit2gtk-4.1
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Web content engine for GTK |
| Version | 2.48.3-1 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2865 | 2.48.2-1 | 2.49.1-1 | High | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-31257 | AVG-2865 | High | Yes | Denial of service | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in an unexpected crash. |
| CVE-2025-31215 | AVG-2865 | Medium | Yes | Denial of service | Processing malicious web content can cause a NULL pointer dereference due to improper checks, resulting in an unexpected process crash. |
| CVE-2025-31206 | AVG-2865 | High | Yes | Denial of service | Processing malicious web content can cause a type confusion issue due to improper state handling and result in an unexpected crash. |
| CVE-2025-31205 | AVG-2865 | High | Yes | Information disclosure | A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized... |
| CVE-2025-31204 | AVG-2865 | High | Yes | Insufficient validation | Processing malicious web content can cause out-of-bounds memory access due to improper memory handling and result in memory corruption. |
| CVE-2025-24223 | AVG-2865 | High | Yes | Incorrect calculation | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2868 | 2.42.0-1 | 2.48.2-1 | High | Fixed | |
| AVG-2791 | 2.36.4-2 | 2.36.5-1 | Critical | Fixed | |
| AVG-2650 | 2.34.5-1 | 2.34.6-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2023-42970 | AVG-2868 | High | Yes | Arbitrary code execution | Processing malicious web content can cause a use-after-free issue due to improper memory management and result in arbitrary code execution. |
| CVE-2023-42875 | AVG-2868 | High | Yes | Arbitrary code execution | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in arbitrary code execution. The issue was... |
| CVE-2022-32816 | AVG-2791 | High | Yes | Content spoofing | Visiting a website that frames malicious content may lead to UI spoofing. |
| CVE-2022-32792 | AVG-2791 | Critical | Yes | Arbitrary code execution | Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2022-22620 | AVG-2650 | High | Yes | Arbitrary code execution | A use after free vulnerability was found in WebKitGTK allowing an attacker to perform remote code execution using maliciously crafted web content. |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 18 May 2025 | ASA-202505-4 | AVG-2868 | High | arbitrary code execution |