CVE-2023-25363 — Use After Free in Webkitgtk

CWE-416 — Use After Free CWE-94 — Code Injection6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 55.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk

Timeline

PublishedMar 2

Description

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDwebkitgtk/webkitgtk< 2.36.8

🔴Vulnerability Details

CVEList

CVE-2023-25363: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2↗2023-03-02

▶

OSV

CVE-2023-25363: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2↗2023-03-02

▶

GHSA

GHSA-m6fv-rjwf-hmj9: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2↗2023-03-02

▶

📋Vendor Advisories

Debian

CVE-2023-25363: webkit2gtk - A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependen...↗2023

▶

Red Hat

webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()↗2022-07-13

▶