CVE-2017-2424
published 2017-04-02CVE-2017-2424: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL…
PriorityP429medium6.5CVSS 3.0
AVNACLPRNUIRSUCHINAN
EPSS
0.39%
60.2th percentile
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 10.2.1 | — |
| apple | safari | <= 10.0.3 | — |
| apple | safari | — | — |
| debian | webkit2gtk | < webkit2gtk 2.16.3-2 (bookworm) | webkit2gtk 2.16.3-2 (bookworm) |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.5MEDIUM
vendor_debian6.5LOW
Apple
CVE-2017-2424: Safari 10.1
vendor_apple·2017-03-27·CVSS 6.5
CVE-2017-2424 [MEDIUM] CVE-2017-2424: Safari 10.1
Apple Security Update: About the security content of Safari 10.1
Product: Safari
Version: 10.1
CVE: CVE-2017-2424
Component: WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.
Apple
CVE-2017-2424: iOS 10.3
vendor_apple·2017-03-27·CVSS 6.5
CVE-2017-2424 [MEDIUM] CVE-2017-2424: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2424
Component: WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.
Debian
CVE-2017-2424: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ...
vendor_debian·2017·CVSS 6.5
CVE-2017-2424 [MEDIUM] CVE-2017-2424: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ...
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolved (fixed in 2.16.3-2)
sid: resolved (fixed in 2.16.3-2)
trixie: resolved (fixed in 2.16.3-2)
GHSA
GHSA-cg5f-666r-f8xc: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-17
CVE-2017-2424 [MEDIUM] CWE-200 GHSA-cg5f-666r-f8xc: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
OSV
CVE-2017-2424: An issue was discovered in certain Apple products
osv·2017-04-02·CVSS 6.5
CVE-2017-2424 [MEDIUM] CVE-2017-2424: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/97129http://www.securitytracker.com/id/1038137https://security.gentoo.org/glsa/201709-03https://support.apple.com/HT207600https://support.apple.com/HT207617http://www.securityfocus.com/bid/97129http://www.securitytracker.com/id/1038137https://security.gentoo.org/glsa/201709-03https://support.apple.com/HT207600https://support.apple.com/HT207617
2017-04-02
Published