CVE-2021-45481 — Missing Release of Memory after Effective Lifetime in Webkitgtk

CWE-401 — Missing Release of Memory after Effective Lifetime5 documents5 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.0%

top 92.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Debian Webkit2gtk Debian Wpewebkit

Timeline

PublishedDec 25

Latest updateDec 26

Description

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDwebkitgtk/webkitgtk< 2.32.4

▶debiandebian/wpewebkit< webkit2gtk 2.34.0-1 (bookworm)

▶debiandebian/webkit2gtk< webkit2gtk 2.34.0-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-p53f-pm5m-wpj7: In WebKitGTK before 2↗2021-12-26

▶

OSV

CVE-2021-45481: In WebKitGTK before 2↗2021-12-25

▶

📋Vendor Advisories

Red Hat

webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create↗2021-12-17

▶

Debian

CVE-2021-45481: webkit2gtk - In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::Ima...↗2021

▶