Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12293

CWE-190 — Integer Overflow CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

8.8HIGH

EPSS

39.0%

top 2.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Webkitgtk Webkitgtk\+Wpewebkit WPE Webkit Canonical Ubuntu Linux

Timeline

PublishedJun 19

Latest updateMay 13

Description

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDwpewebkit/wpe_webkit< 2.20.1

▶NVDwebkitgtk/webkitgtk\+< 2.20.3

▶Debianwebkit2gtk< 2.20.3-1+3

Also affects: Ubuntu Linux 16.04, 17.10, 18.04

Patches

Patch: trac.webkit.org ↗Patch: trac.webkit.org ↗

🔴Vulnerability Details

GHSA

GHSA-g7g2-cvmj-5ppx: The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo↗2022-05-13

▶

CVEList

CVE-2018-12293: The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo↗2018-06-19

▶

OSV

CVE-2018-12293: The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo↗2018-06-19

▶

💥Exploits & PoCs

Exploit-DB

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)↗2018-08-16

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2018-06-18

▶

Debian

CVE-2018-12293: webkit2gtk - The getImageData function in the ImageBufferCairo class in WebCore/platform/grap...↗2018

▶