CVE-2021-21779Use After Free in Webkitgtk

CWE-416Use After Free12 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 33.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Debian Webkit2gtkDebian WpewebkitApple Macos BIG SUR+6 more
Timeline
PublishedJul 8
Latest updateMay 24

Description

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

debiandebian/wpewebkit< webkit2gtk 2.32.3-1 (bookworm)
debiandebian/webkit2gtk< webkit2gtk 2.32.3-1 (bookworm)
Appleapple/tvos14.6
Appleapple/safari14.1.1

Also affects: Debian Linux 10.0, Fedora 33, 34

🔴Vulnerability Details

2
GHSA
GHSA-fvf7-58x3-4492: A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 22022-05-24
OSV
CVE-2021-21779: A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 22021-07-08

📋Vendor Advisories

7
Ubuntu
WebKitGTK vulnerabilities2021-07-28
Red Hat
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution2021-07-28
Apple
CVE-2021-21779: macOS Big Sur 11.42021-05-24
Apple
CVE-2021-21779: Safari 14.1.12021-05-24
Apple
CVE-2021-21779: watchOS 7.52021-05-24

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Use-after-free vulnerability in WebKit2021-06-02
Talos
Vulnerability Spotlight: Use-after-free vulnerability in WebKit2021-06-02