Debian Webkit2Gtk vulnerabilities
680 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs: 680
CISA KEV: 38 (actively exploited)
Public exploits: 102
Exploited in wild: 32
Severity breakdown: CRITICAL 14, HIGH 239, MEDIUM 150, LOW 277
Vulnerabilities
Page 5 of 34
CVE-2025-43531 [LOW] CVSS 3.1 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.4-1~deb12u1)
bullseye: r
debian
CVE-2024-54534 [CRITICAL] CVSS 9.8 | fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fixed in 2.46.0-
debian
CVE-2024-4558 [CRITICAL] CVSS 9.6 | fixed in chromium 124.0.6367.155-1~deb12u1 (bookworm) | 2024
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 124.0.6367.155-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.155-1)
sid: resolved (fixed in 124.0.6367.155-1)
trixie
debian
CVE-2024-54479 [HIGH] CVSS 7.5 | fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.5-1~deb12u1)
bullseye: resolved (fixed in 2.46.5-1~d
debian
CVE-2024-54551 [HIGH] CVSS 7.5 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.48.1-2~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed in 2
debian
CVE-2024-23222 [HIGH] CVSS 8.8 | KEV | fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm) | 2024
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix ass
debian
CVE-2024-54543 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
Scope: local
bookworm: resolved (fixed in 2.46.5-1~deb12u1)
bullseye: resolved (fixed in 2.46.5-1~de
debian
CVE-2024-54505 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm) | 2024
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
Scope: local
bookworm: resolved (fixed in 2.46.5-1~deb12u1)
bullseye: resolved (fixed i
debian
CVE-2024-27820 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.44.2-1~deb12u1)
bullseye: resolved (fixed in 2.44.2-1~d
debian
CVE-2024-27808 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.44.2-1~deb12u1)
bullseye: resolved (fixed in 2.44.2-1~deb11u1)
forky: resolved (fixed
debian
CVE-2024-27856 [HIGH] CVSS 7.8 | fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fix
debian
CVE-2024-27851 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bullseye: resolved (fixed in 2.44.3-1)
forky: resol
debian
CVE-2024-27833 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm) | 2024
An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.44.2-1~deb12u1)
bullseye: resolved (fixed in 2.44.2-1~deb
debian
CVE-2024-54508 [HIGH] CVSS 7.5 | fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.5-1~deb12u1)
bullseye: resolved (fixed in 2
debian
CVE-2024-44308 [HIGH] CVSS 8.8 | KEV | fixed in webkit2gtk 2.46.4-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems
debian
CVE-2024-23213 [HIGH] CVSS 8.8 | fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.42.5-1~deb12u1)
bullseye: resolved (fixed in 2.42.5-1~deb11u1)
forky:
debian
CVE-2024-44192 [MEDIUM] CVSS 5.5 | fixed in webkit2gtk 2.48.0-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.48.0-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fi
debian
CVE-2024-27838 [MEDIUM] CVSS 6.5 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bullseye: resolved (fixed in 2.44.
debian
CVE-2024-23263 [MEDIUM] CVSS 6.5 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2024
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
debian
CVE-2024-40782 [MEDIUM] CVSS 6.5 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
debian