CVE-2018-12911
Published: 2018-07-19
Priority P340 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.73% (74.8th percentile)
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.20.4-1 (bookworm) | webkit2gtk 2.20.4-1 (bookworm) |
| webkitgtk | webkitgtk | — | — |
CVSS provenance
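| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |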
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2018-08-16
CVE-2018-12911 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Debian
CVE-2018-12911: webkit2gtk - WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write,...
vendor_debian·2018·CVSS 9.8
CVE-2018-12911 [CRITICAL] CVE-2018-12911: webkit2gtk - WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write,...
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
Scope: local
bookworm: resolved (fixed in 2.20.4-1)
bullseye: resolved (fixed in 2.20.4-1)
forky: resolved (fixed in 2.20.4-1)
sid: resolved (fixed in 2.20.4-1)
trixie: resolved (fixed in 2.20.4-1)
GHSA
GHSA-jc5j-6mrr-7p3r: WebKitGTK+ 2
ghsa_unreviewed·2022-05-14
CVE-2018-12911 [CRITICAL] CWE-787 GHSA-jc5j-6mrr-7p3r: WebKitGTK+ 2
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
OSV
CVE-2018-12911: WebKitGTK+ 2
osv·2018-07-19·CVSS 9.8
CVE-2018-12911 [CRITICAL] CVE-2018-12911: WebKitGTK+ 2
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-07-19