Debian Webkit2Gtk vulnerabilities
678 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs
678
CISA KEV
38
actively exploited
Public exploits
113
Exploited in wild
53
Severity breakdown
CRITICAL14HIGH239MEDIUM150LOW275
Vulnerabilities
Page 32 of 34
CVE-2016-4590P4LOWCVSS 5.4fixed in webkit2gtk 2.12.4-1 (bookworm)2016
CVE-2016-4590 [MEDIUM] CVE-2016-4590: webkit2gtk - WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs,...
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Scope: local
bookworm: resolved (fixed in 2.12.4-1)
bullseye: resolved (fixed in 2.12.4-1)
forky: resolved (fixed in 2.12.4-1)
sid: resolved (fixed in 2.12.4-1)
trixie: resolved (fixed in 2.12.4-1)
debian
CVE-2021-30836P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.32.4-1 (bookworm)2021
CVE-2021-30836 [MEDIUM] CVE-2021-30836: webkit2gtk - An out-of-bounds read was addressed with improved input validation. This issue i...
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.
Scope: local
bookworm: resolved (fixed in 2.32.4-1)
bullseye: resolved (fixed in 2.32.4-1~deb11u1)
forky: resolved (fixed in 2.3
debian
CVE-2023-32370P4MEDIUMCVSS 5.3fixed in webkit2gtk 2.40.1-1 (bookworm)2023
CVE-2023-32370 [MEDIUM] CVE-2023-32370: webkit2gtk - A logic issue was addressed with improved validation. This issue is fixed in mac...
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
Scope: local
bookworm: resolved (fixed in 2.40.1-1)
bullseye: resolved (fixed in 2.40.1-1~deb11u1)
forky: resolved (fixed in 2.40.1-1)
sid: resolved (fixed in 2.40.1-1)
trixie: resolved (fixed in 2.40
debian
CVE-2018-4133P4LOWCVSS 6.1fixed in webkit2gtk 2.20.0-2 (bookworm)2018
CVE-2018-4133 [MEDIUM] CVE-2018-4133: webkit2gtk - An issue was discovered in certain Apple products. Safari before 11.1 is affecte...
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Scope: local
bookworm: resolved (fixed in 2.20.0-2)
bullseye: resolved (fixed in 2.20.0-2)
forky: resolved
debian
CVE-2024-40780P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40780 [MEDIUM] CVE-2024-40780: webkit2gtk - An out-of-bounds read was addressed with improved bounds checking. This issue is...
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bu
debian
CVE-2017-1000122P4LOWCVSS 5.3fixed in webkit2gtk 2.16.3-2 (bookworm)2017
CVE-2017-1000122 [MEDIUM] CVE-2017-1000122: webkit2gtk - The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not pro...
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed
debian
CVE-2024-40779P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm)2024
CVE-2024-40779 [MEDIUM] CVE-2024-40779: webkit2gtk - An out-of-bounds read was addressed with improved bounds checking. This issue is...
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bu
debian
CVE-2022-42824P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.38.2-1 (bookworm)2022
CVE-2022-42824 [MEDIUM] CVE-2022-42824: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ...
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.
Scope: local
bookworm: resolved (fixed in 2.38.2-1)
bullseye: resolved (fixed in 2.38.2-1~deb11u1)
forky: resolved (f
debian
CVE-2018-4232P4LOWCVSS 4.3fixed in webkit2gtk 2.20.3-1 (bookworm)2018
CVE-2018-4232 [MEDIUM] CVE-2018-4232: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11.4 is affected. ...
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
Scope: local
bookwo
debian
CVE-2025-43429P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-43429 [MEDIUM] CVE-2025-43429: webkit2gtk - A buffer overflow was addressed with improved bounds checking. This issue is fix...
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullse
debian
CVE-2025-43434P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-43434 [MEDIUM] CVE-2025-43434: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue...
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: r
debian
CVE-2025-43438P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-43438 [MEDIUM] CVE-2025-43438: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue...
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: r
debian
CVE-2025-43211P4MEDIUMCVSS 6.2fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm)2025
CVE-2025-43211 [MEDIUM] CVE-2025-43211: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.48.5-1~deb12u1)
bullseye: resolved (fixed in 2.48.5-1~deb11u1)
forky: re
debian
CVE-2026-20608P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm)2026
CVE-2026-20608 [MEDIUM] CVE-2026-20608: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ...
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.6-1~deb12u1)
bullseye: open
forky: resolved (fi
debian
CVE-2023-27932P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.40.1-1 (bookworm)2023
CVE-2023-27932 [MEDIUM] CVE-2023-27932: webkit2gtk - This issue was addressed with improved state management. This issue is fixed in ...
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.
Scope: local
bookworm: resolved (fixed in 2.40.1-1)
bullseye: resolved (fixed in 2.40.1-1~deb11u1)
forky: resolved (fixed in 2
debian
CVE-2025-31257P4MEDIUMCVSS 4.7fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm)2025
CVE-2025-31257 [MEDIUM] CVE-2025-31257: webkit2gtk - This issue was addressed with improved memory handling. This issue is fixed in S...
This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.48.3-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11
debian
CVE-2020-3885P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.28.0-2 (bookworm)2020
CVE-2020-3885 [MEDIUM] CVE-2020-3885: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i...
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
Scope: local
bookworm: resolved (fixed in 2.28.0-2)
bullseye: resolved (fixed in 2.28.0-2)
forky: resolved (fixed i
debian
CVE-2025-43441P4MEDIUMCVSS 4.3fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm)2025
CVE-2025-43441 [MEDIUM] CVE-2025-43441: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fixed in
debian
CVE-2023-42883P4MEDIUMCVSS 5.5fixed in webkit2gtk 2.42.4-1~deb12u1 (bookworm)2023
CVE-2023-42883 [MEDIUM] CVE-2023-42883: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa...
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.42.4-1~deb12u1)
bullseye: resolved (fixed in 2.42.4-1~deb11u1)
forky: resol
debian
CVE-2016-7592P4LOWCVSS 4.3fixed in webkit2gtk 2.14.3-1 (bookworm)2016
CVE-2016-7592 [MEDIUM] CVE-2016-7592: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ...
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
Scope: local
bookworm: resolved (fi
debian