Описание
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope | ||
| Red Hat Enterprise Linux 7 | webkitgtk3 | Out of support scope | ||
| Red Hat Enterprise Linux 9 | webkit2gtk3 | Not affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4 | Fixed | RHSA-2025:10364 | 07.07.2025 |
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2021:4381 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
A code execution vulnerability exists in the AudioSourceProviderGStrea ...
EPSS
8.8 High
CVSS3