webkit2gtk-4.1

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Web content engine for GTK
Version	2.40.0-1 [testing] 2.38.5-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2791	2.36.4-2	2.36.5-1	Critical	Fixed
AVG-2650	2.34.5-1	2.34.6-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2022-32816	AVG-2791	High	Yes	Content spoofing	Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2022-32792	AVG-2791	Critical	Yes	Arbitrary code execution	Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22620	AVG-2650	High	Yes	Arbitrary code execution	A use after free vulnerability was found in WebKitGTK allowing an attacker to perform remote code execution using maliciously crafted web content.

Issue

Group

Severity

Remote

Type

Description

High

Yes

Content spoofing

Visiting a website that frames malicious content may lead to UI spoofing.

Critical

Yes

Arbitrary code execution

Processing maliciously crafted web content may lead to arbitrary code execution.

High

Yes

Arbitrary code execution

A use after free vulnerability was found in WebKitGTK allowing an attacker to perform remote code execution using maliciously crafted web content.