WebKitGTK+ Security Advisory WSA-2017-0009
-
Date Reported: November 10, 2017
-
Advisory ID: WSA-2017-0009
-
CVE identifiers: CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803.
Several vulnerabilities were discovered in WebKitGTK+.
- CVE-2017-13783
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13784
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13785
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13788
- Versions affected: WebKitGTK+ before 2.18.3.
- Credit to xisigr of Tencent’s Xuanwu Lab (tencent.com).
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13791
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13792
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13793
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Hanul Choi working with Trend Micro’s Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13794
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13795
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13796
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13798
- Versions affected: WebKitGTK+ before 2.18.3.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13802
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to Ivan Fratric of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13803
- Versions affected: WebKitGTK+ before 2.18.3.
- Credit to chenqin (陈钦) of Ant-financial Light-Year Security.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html