Debian Webkit2Gtk vulnerabilities
678 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275
Vulnerabilities
Page 30 of 34
CVE-2014-1745P4HIGHCVSS 7.1fixed in webkit2gtk 2.42.1-1~deb12u1 (bookworm)2014
CVE-2014-1745 [HIGH] CVE-2014-1745: webkit2gtk - Use-after-free vulnerability in the SVG implementation in Blink, as used in Goog...
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
Scope: local
bookworm: resolved (fixed in 2.42.1-1
debian
CVE-2018-4146P4LOWCVSS 6.5fixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-4146 [MEDIUM] CVE-2018-4146: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.3 is affected. ...
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corr
debian
CVE-2021-45481P4HIGHCVSS 8.8fixed in webkit2gtk 2.34.0-1 (bookworm)2021
CVE-2021-45481 [HIGH] CVE-2021-45481: webkit2gtk - In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::Ima...
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.
Scope: local
bookworm: resolved (fixed in 2.34.0-1)
bullseye: resolved (fixed in 2.34.1-1~deb11u1)
forky: resolved (fixed in 2.34.0-1)
si
debian
CVE-2021-45483P4HIGHCVSS 8.8fixed in webkit2gtk 2.34.0-1 (bookworm)2021
CVE-2021-45483 [HIGH] CVE-2021-45483: webkit2gtk - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a...
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.
Scope: local
bookworm: resolved (fixed in 2.34.0-1)
bullseye: resolved (fixed in 2.34.1-1~deb11u1)
forky: resolved (fixed in 2.34.0-1)
sid: resolved (fixed in 2.34.0-1)
trixie: resolved (fixed in 2.34.0-1)
debian
CVE-2023-42956P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2023
CVE-2023-42956 [MEDIUM] CVE-2023-42956: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
bullseye: resolved (fixed in 2.44.1-1~deb11u1)
forky: resolved (fixed in 2.44.0-1)
sid: resolved (fixed in 2.44
debian
CVE-2024-54658P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm)2024
CVE-2024-54658 [MEDIUM] CVE-2024-54658: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
bullseye: resolved (fixed in 2.44.1-1~deb11u1)
forky: resolved (fixed in
debian
CVE-2019-8813P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.26.1-1 (bookworm)2019
CVE-2019-8813 [MEDIUM] CVE-2019-8813: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.26.1-1)
bullseye: resolved (fixed in 2.26.1-1)
debian
CVE-2019-11070P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-11070 [MEDIUM] CVE-2019-11070: webkit2gtk - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply config...
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
Scope: local
bookworm: resolved (fixed in 2.24.1-1)
bullseye: resolved (fixed
debian
CVE-2019-8719P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.24.4-1 (bookworm)2019
CVE-2019-8719 [MEDIUM] CVE-2019-8719: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.24.4-1)
bullseye: resolved (fixed in 2.24.4-1)
forky: resolved (
debian
CVE-2019-8625P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.26.0-1 (bookworm)2019
CVE-2019-8625 [MEDIUM] CVE-2019-8625: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.26.0-1)
bullseye: resolved (fixed in 2.26.0-1)
forky: resolved (
debian
CVE-2022-42799P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.38.2-1 (bookworm)2022
CVE-2022-42799 [MEDIUM] CVE-2022-42799: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in tvOS 1...
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
Scope: local
bookworm: resolved (fixed in 2.38.2-1)
bullseye: resolved (fixed in 2.38.2-1~deb11u1)
forky: resolved (fixed in 2.38.2-1)
sid: reso
debian
CVE-2021-30720P4MEDIUMCVSS 5.4fixed in webkit2gtk 2.32.3-1 (bookworm)2021
CVE-2021-30720 [MEDIUM] CVE-2021-30720: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in t...
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.
Scope: local
bookworm: resolved (fixed in 2.32.3-1)
bullseye: resolved (fixed in 2.32.3-1)
forky: resolved (fixed in 2
debian
CVE-2026-20643P4MEDIUMCVSS 5.4fixed in webkit2gtk 2.52.1-1 (sid)2026
CVE-2026-20643 [MEDIUM] CVE-2026-20643: webkit2gtk - A cross-origin issue in the Navigation API was addressed with improved input val...
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.
Scope: local
b
debian
CVE-2020-3862P4MEDIUMCVSS 6.5fixed in webkit2gtk 2.26.4-1 (bookworm)2020
CVE-2020-3862 [MEDIUM] CVE-2020-3862: webkit2gtk - A denial of service issue was addressed with improved memory handling. This issu...
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 2.26.4-1)
bullseye: resolved (f
debian
CVE-2025-43240P4MEDIUMCVSS 6.2fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm)2025
CVE-2025-43240 [MEDIUM] CVE-2025-43240: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari ...
A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated.
Scope: local
bookworm: resolved (fixed in 2.48.5-1~deb12u1)
bullseye: resolved (fixed in 2.48.5-1~deb11u1)
forky: resolved (fixed in 2.48.5-1)
sid: resolved (fixed in 2.48.5-1)
trixie: resolved (fixed in 2.
debian
CVE-2020-3902P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.28.0-2 (bookworm)2020
CVE-2020-3902 [MEDIUM] CVE-2020-3902: webkit2gtk - An input validation issue was addressed with improved input validation. This iss...
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
Scope: local
bookworm: resolved (fixed in 2.28.0-2)
bu
debian
CVE-2021-30689P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.32.3-1 (bookworm)2021
CVE-2021-30689 [MEDIUM] CVE-2021-30689: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.32.3-1)
bullseye: resolved (fixed in 2.32.3-1)
forky: resolved (
debian
CVE-2019-8551P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.24.1-1 (bookworm)2019
CVE-2019-8551 [MEDIUM] CVE-2019-8551: webkit2gtk - A logic issue was addressed with improved validation. This issue is fixed in iOS...
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.24.1-1)
bullseye: resolved (fixed in 2.24.1-1)
forky: resolved (fixed i
debian
CVE-2019-6229P4LOWCVSS 6.1fixed in webkit2gtk 2.22.5-1 (bookworm)2019
CVE-2019-6229 [MEDIUM] CVE-2019-6229: webkit2gtk - A logic issue was addressed with improved validation. This issue is fixed in iOS...
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.22.5-1)
bullseye: resolved (fixed in 2.22.5-1)
forky: resolved (f
debian
CVE-2021-30744P4MEDIUMCVSS 6.1fixed in webkit2gtk 2.32.3-1 (bookworm)2021
CVE-2021-30744 [MEDIUM] CVE-2021-30744: webkit2gtk - Description: A cross-origin issue with iframe elements was addressed with improv...
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
Scope: local
bookworm: resolved (fixed in 2.32.3-1)
bul
debian