Debian Wpewebkit vulnerabilities

CVE-2021-30734 [HIGH] CVE-2021-30734: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.32.3-1) bullseye: resolved (fixed in 2.32.3-1) forky

CVE-2021-1789 [HIGH] CVE-2021-1789: webkit2gtk - A type confusion issue was addressed with improved state handling. This issue is... A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2

CVE-2021-45481 [HIGH] CVE-2021-45481: webkit2gtk - In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::Ima... In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. Scope: local bookworm: resolved (fixed in 2.34.0-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.0-1) si

CVE-2021-30954 [HIGH] CVE-2021-30954: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i... A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: res

CVE-2021-30846 [HIGH] CVE-2021-30846: webkit2gtk - A memory corruption issue was addressed with improved memory handling. This issu... A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.0-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resol

CVE-2021-1788 [HIGH] CVE-2021-1788: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed i

CVE-2021-30663 [HIGH] CVE-2021-30663: webkit2gtk - An integer overflow was addressed with improved input validation. This issue is ... An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.32.3-1) bullseye: resolved (fixed in 2.32.3-1) forky: resolve

CVE-2021-30952 [HIGH] CVE-2021-30952: webkit2gtk - An integer overflow was addressed with improved input validation. This issue is ... An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: resol

CVE-2021-30951 [HIGH] CVE-2021-30951: webkit2gtk - A use after free issue was addressed with improved memory management. This issue... A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: r

CVE-2021-45483 [HIGH] CVE-2021-45483: webkit2gtk - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a... In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. Scope: local bookworm: resolved (fixed in 2.34.0-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.0-1) sid: resolved (fixed in 2.34.0-1) trixie: resolved (fixed in 2.34.0-1)

CVE-2021-30666 [HIGH] CVE-2021-30666: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Scope: local bookworm: resolved (fixed in 2.26.1-2) bullseye: resolved (fixed in 2.26.1-2) forky: reso

CVE-2021-30761 [HIGH] CVE-2021-30761: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss... A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Scope: local bookworm: resolved (fixed in 2.26.1-2) bullseye: resolved (fixed in 2.26.1-2) forky: r

CVE-2021-21779 [HIGH] CVE-2021-21779: webkit2gtk - A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handle... A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 2.32.3-1) bul

CVE-2021-42762 [HIGH] CVE-2021-42762: webkit2gtk - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limite... BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mo

CVE-2021-30851 [HIGH] CVE-2021-30851: webkit2gtk - A memory corruption vulnerability was addressed with improved locking. This issu... A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. Scope: local bookworm: resolved (fixed in 2.34.0-1) bullseye: resolved (fixed in 2.34.1-1~deb11u1) forky: resolved (fixed in 2.34.0-1) sid: resolve

CVE-2021-1844 [HIGH] CVE-2021-1844: webkit2gtk - A memory corruption issue was addressed with improved validation. This issue is ... A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.32.0-2) bullseye: resolved (fixed

CVE-2021-30849 [HIGH] CVE-2021-30849: webkit2gtk - Multiple memory corruption issues were addressed with improved memory handling. ... Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.32.4-1) bullseye: resolved (fixe

CVE-2021-30934 [HIGH] CVE-2021-30934: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.34.4-1) bullseye: resolved (fixed in 2.34.4-1~deb11u1) forky: re

CVE-2021-21775 [HIGH] CVE-2021-21775: webkit2gtk - A use-after-free vulnerability exists in the way certain events are processed fo... A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Scope: local bookworm: resolved (fi

CVE-2021-1817 [HIGH] CVE-2021-1817: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss... A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Scope: local bookworm: resolved (fixed in 2.30.1-1) bullseye: resolved (fixed in 2.30.1-1) forky: resolved (fixed in 2.30