CVE-2022-30293 — Out-of-bounds Write in Webkitgtk

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Webkit2gtk Debian Wpewebkit Webkitgtk +1 more

Timeline

PublishedMay 6

Latest updateJan 15

Description

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶NVDwebkitgtk/webkitgtk2.36.0

▶debiandebian/wpewebkit< webkit2gtk 2.36.1-1 (bookworm)

▶debiandebian/webkit2gtk< webkit2gtk 2.36.1-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: bugs.webkit.org ↗Patch: bugs.webkit.org ↗

🔴Vulnerability Details

GHSA

GHSA-vmhh-gfrw-g264: In WebKitGTK through 2↗2022-05-07

▶

OSV

CVE-2022-30293: In WebKitGTK through 2↗2022-05-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (WebKitGTK) — CVE-2022-30293↗2023-01-15

▶

Red Hat

webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer↗2022-05-06

▶

Red Hat

webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution↗2022-05-06

▶

Debian

CVE-2022-30293: webkit2gtk - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overf...↗2022

▶