cbcvebase.

Debian Webkit2Gtk vulnerabilities

678 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275

Vulnerabilities

Page 24 of 34
CVE-2018-4437P3LOWCVSS 8.8fixed in webkit2gtk 2.22.5-1 (bookworm)2018
CVE-2018-4437 [HIGH] CVE-2018-4437: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Scope: local bookworm: resolved (fixed in 2.22.5-1) bullseye: resolved (fixed in 2.22.5-1) forky: resolved (fixed in 2.22.5-1) sid: resolved (f
debian
CVE-2018-4464P3LOWCVSS 8.8fixed in webkit2gtk 2.22.0-2 (bookworm)2018
CVE-2018-4464 [HIGH] CVE-2018-4464: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Scope: local bookworm: resolved (fixed in 2.22.0-2) bullseye: resolved (fixed in 2.22.0-2) forky: resolved (fixed in 2.22.0-2) sid: resolved (f
debian
CVE-2018-4392P3LOWCVSS 8.8fixed in webkit2gtk 2.22.1-1 (bookworm)2018
CVE-2018-4392 [HIGH] CVE-2018-4392: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Scope: local bookworm: resolved (fixed in 2.22.1-1) bullseye: resolved (fixed in 2.22.1-1) forky: resolved (fixed in 2.22.1-1) sid: resolved (fixed in 2.22.1-1)
debian
CVE-2016-4591P3LOWCVSS 7.5fixed in webkit2gtk 2.12.4-1 (bookworm)2016
CVE-2016-4591 [HIGH] CVE-2016-4591: webkit2gtk - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mis... WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.12.4-1) bullseye: resolved (fixed in 2.12.4-1) forky: resolved (fixed in 2.12.4-1) sid: resolved (fixed in 2.12.4-1) trixie: r
debian
CVE-2022-30293P3HIGHCVSS 7.5fixed in webkit2gtk 2.36.1-1 (bookworm)2022
CVE-2022-30293 [HIGH] CVE-2022-30293: webkit2gtk - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overf... In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Scope: local bookworm: resolved (fixed in 2.36.1-1) bullseye: resolved (fixed in 2.36.3-1~deb11u1) forky: resolved (fixed in 2.36.1-1) sid: resolved (fixed in 2.36.1-1) tri
debian
CVE-2018-12911P3LOWCVSS 9.8fixed in webkit2gtk 2.20.4-1 (bookworm)2018
CVE-2018-12911 [CRITICAL] CVE-2018-12911: webkit2gtk - WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write,... WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. Scope: local bookworm: resolved (fixed in 2.20.4-1) bullseye: resolved (fixed in 2.20.4-1) forky: resolved (fixed in 2.20.4-1) sid: resolved (fixed in 2.20.4-1) tr
debian
CVE-2023-38572P3HIGHCVSS 7.5fixed in webkit2gtk 2.40.5-1~deb12u1 (bookworm)2023
CVE-2023-38572 [HIGH] CVE-2023-38572: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 ... The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. Scope: local bookworm: resolved (fixed in 2.40.5-1~deb12u1) bullseye: resolved (fixed in 2.40.5-1~deb11u1) forky: resolved (fixed i
debian
CVE-2025-13502P3HIGHCVSS 7.5fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-13502 [HIGH] CVE-2025-13502: webkit2gtk - A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-o... A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. Scope: local bookworm: resolved (fixed in 2.50.2-1~deb12u1) bullseye: resolved (fixed in 2.50.2-1~deb11u1) forky: resolved (fixed in 2.50.2-1) sid: resolv
debian
CVE-2024-54502P3MEDIUMCVSS 6.5fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm)2024
CVE-2024-54502 [MEDIUM] CVE-2024-54502: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.2... The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.46.5-1~deb12u1) bullseye: resolved (fixed in 2.46.5-1
debian
CVE-2018-4214P3LOWCVSS 8.8fixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-4214 [HIGH] CVE-2018-4214: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.4 is affected. ... An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (me
debian
CVE-2018-4376P3LOWCVSS 8.8fixed in webkit2gtk 2.22.1-1 (bookworm)2018
CVE-2018-4376 [HIGH] CVE-2018-4376: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Scope: local bookworm: resolved (fixed in 2.22.1-1) bullseye: resolved (fixed in 2.22.1-1) forky: resolved (fixed in 2.22.1-1) sid: resolved (fixed in 2.22.1-1) trixie: res
debian
CVE-2018-4375P3LOWCVSS 8.8fixed in webkit2gtk 2.22.1-1 (bookworm)2018
CVE-2018-4375 [HIGH] CVE-2018-4375: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Scope: local bookworm: resolved (fixed in 2.22.1-1) bullseye: resolved (fixed in 2.22.1-1) forky: resolved (fixed in 2.22.1-1) sid: resolved (fixed in 2.22.1-1) trixie: res
debian
CVE-2022-22637P3HIGHCVSS 8.8fixed in webkit2gtk 2.34.4-1 (bookworm)2022
CVE-2022-22637 [HIGH] CVE-2022-22637: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: resolved (fixed in 2.34.4-1)
debian
CVE-2020-9862P3HIGHCVSS 7.8fixed in webkit2gtk 2.28.4-1 (bookworm)2020
CVE-2020-9862 [HIGH] CVE-2020-9862: webkit2gtk - A command injection issue existed in Web Inspector. This issue was addressed wit... A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. Scope: local bookworm: resolved
debian
CVE-2017-2419P3LOWCVSS 7.5fixed in webkit2gtk 2.14.6-1 (bookworm)2017
CVE-2017-2419 [HIGH] CVE-2017-2419: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3 is affected. ... An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.14.6-1) bullseye: resolved (fixed in 2.14.6-1) forky: resol
debian
CVE-2019-6251P3MEDIUMCVSS 4.3fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-6251 [MEDIUM] CVE-2019-6251: webkit2gtk - WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar s... WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. Scope: local bookworm: resolved (fixed in 2.24.1-1) bullseye: resolved (fixed in 2.24.1-1)
debian
CVE-2025-43480P3HIGHCVSS 8.1fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm)2025
CVE-2025-43480 [HIGH] CVE-2025-43480: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 26.1... The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin. Scope: local bookworm: resolved (fixed in 2.46.0-2~deb12u1) bullseye: resolved (fixed in 2.46.0-1) forky: resolved (fixed in 2.46.0-1) sid: resol
debian
CVE-2017-17821P3LOWCVSS 9.8fixed in webkit2gtk 2.22.0-2 (bookworm)2017
CVE-2017-17821 [CRITICAL] CVE-2017-17821: webkit2gtk - WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview R... WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and r
debian
CVE-2024-54508P3HIGHCVSS 7.5fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm)2024
CVE-2024-54508 [HIGH] CVE-2024-54508: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.46.5-1~deb12u1) bullseye: resolved (fixed in 2
debian
CVE-2026-20652P3HIGHCVSS 7.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2026
CVE-2026-20652 [HIGH] CVE-2026-20652: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in 2.50.6-1) sid: resolved
debian
Debian Webkit2Gtk vulnerabilities | cvebase