CVE-2023-39928Use After Free in Webkit

CWE-416Use After Free9 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 61.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WebkitDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedOct 6
Latest updateOct 11

Description

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5webkit/webkitWebKitGTK 2.40.5

Also affects: Debian Linux 11.0, 12.0, Fedora 37

🔴Vulnerability Details

3
GHSA
GHSA-7245-jcxv-7q52: A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 22023-10-06
CVEList
CVE-2023-39928: A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 22023-10-06
OSV
CVE-2023-39928: A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 22023-10-06

📋Vendor Advisories

3
Ubuntu
WebKitGTK vulnerabilities2023-10-10
Red Hat
webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports2023-09-28
Debian
CVE-2023-39928: webkit2gtk - A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitG...2023

🕵️Threat Intelligence

2
Talos
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows2023-10-11
Talos
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows2023-10-11