webkit2gtk-4.1

Description: Web content engine for GTK
Version: 2.48.3-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2865 | 2.48.2-1 | 2.49.1-1 | High | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-31257 | AVG-2865 | High | Yes | Denial of service | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in an unexpected crash. |
| CVE-2025-31215 | AVG-2865 | Medium | Yes | Denial of service | Processing malicious web content can cause a NULL pointer dereference due to improper checks, resulting in an unexpected process crash. |
| CVE-2025-31206 | AVG-2865 | High | Yes | Denial of service | Processing malicious web content can cause a type confusion issue due to improper state handling and result in an unexpected crash. |
| CVE-2025-31205 | AVG-2865 | High | Yes | Information disclosure | A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized... |
| CVE-2025-31204 | AVG-2865 | High | Yes | Insufficient validation | Processing malicious web content can cause out-of-bounds memory access due to improper memory handling and result in memory corruption. |
| CVE-2025-24223 | AVG-2865 | High | Yes | Incorrect calculation | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2868 | 2.42.0-1 | 2.48.2-1 | High | Fixed | |
| AVG-2791 | 2.36.4-2 | 2.36.5-1 | Critical | Fixed | |
| AVG-2650 | 2.34.5-1 | 2.34.6-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2023-42970 | AVG-2868 | High | Yes | Arbitrary code execution | Processing malicious web content can cause a use-after-free issue due to improper memory management and result in arbitrary code execution. |
| CVE-2023-42875 | AVG-2868 | High | Yes | Arbitrary code execution | Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in arbitrary code execution. The issue was... |
| CVE-2022-32816 | AVG-2791 | High | Yes | Content spoofing | Visiting a website that frames malicious content may lead to UI spoofing. |
| CVE-2022-32792 | AVG-2791 | Critical | Yes | Arbitrary code execution | Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2022-22620 | AVG-2650 | High | Yes | Arbitrary code execution | A use after free vulnerability was found in WebKitGTK allowing an attacker to perform remote code execution using maliciously crafted web content. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 18 May 2025 | ASA-202505-4 | AVG-2868 | High | arbitrary code execution |