CVE-2022-30293
Published 2022-05-06
CVE-2022-30293: In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in…
Priority P341 · high · 7.5 · CVSS 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.16% (80.0th percentile)
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.36.1-1 (bookworm) | webkit2gtk 2.36.1-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.36.1-1 (bookworm) | webkit2gtk 2.36.1-1 (bookworm) |
| webkitgtk | webkitgtk | <= 2.36.0 | — |
CVSS provenance
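| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |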
Oracle
Oracle Oracle Communications Risk Matrix: Signaling (WebKitGTK) — CVE-2022-30293
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-30293 [HIGH] Oracle Oracle Communications Risk Matrix: Signaling (WebKitGTK) — CVE-2022-30293
Oracle Oracle Communications Risk Matrix: Signaling (WebKitGTK) vulnerability
CVE: CVE-2022-30293
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Red Hat
webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer
vendor_redhat·2022-05-06·CVSS 7.5
CVE-2022-30294 [HIGH] webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer
[REJECTED CVE] In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
Statement: This flaw was found to be a duplicate of CVE-2022-30293. Please see https://access.redhat.com/security/cve/CVE-2022-30293 for information about affected products and security errata.
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Not affected
Package: webkit2gtk3 (Red Hat Enterprise Linux 8) - Affected
Package: webkitgtk4 (Red Hat Enterprise Linux 8) - Affected
Package: webkit2gtk3 (Red Hat Enterprise Linux 9) - Affected
Red Hat
webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
vendor_redhat·2022-05-06·CVSS 7.5
CVE-2022-30293 [HIGH] CWE-787 webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
A heap buffer overflow vulnerability was found in WebKitGTK. The vulnerability occurs when processing or rendering HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a heap buffer overflow error and leading to the execution of arbitrary code on the system.
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2022-30293: webkit2gtk - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overf...
vendor_debian·2022·CVSS 7.5
CVE-2022-30293 [HIGH] CVE-2022-30293: webkit2gtk - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overf...
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
Scope: local
bookworm: resolved (fixed in 2.36.1-1)
bullseye: resolved (fixed in 2.36.3-1~deb11u1)
forky: resolved (fixed in 2.36.1-1)
sid: resolved (fixed in 2.36.1-1)
trixie: resolved (fixed in 2.36.1-1)
GHSA
GHSA-vmhh-gfrw-g264: In WebKitGTK through 2
ghsa_unreviewed·2022-05-07
CVE-2022-30293 [HIGH] CWE-787 GHSA-vmhh-gfrw-g264: In WebKitGTK through 2
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
OSV
CVE-2022-30293: In WebKitGTK through 2
osv·2022-05-06·CVSS 7.5
CVE-2022-30293 [HIGH] CVE-2022-30293: In WebKitGTK through 2
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2022/05/30/1
https://bugs.webkit.org/show_bug.cgi?id=237187
https://github.com/ChijinZ/security_advisories/tree/master/webkitgtk-2.36.0
https://security.gentoo.org/glsa/202208-39
https://www.debian.org/security/2022/dsa-5154
https://www.debian.org/security/2022/dsa-5155
Published: 2022-05-06