Webkit · Webkitgtk · CVE-2018-11646
**Name of the Vulnerable Software and Affected Versions**
WebKitGTK+ versions prior to 2.21.4
**Description**
The issue arises from the `webkitFaviconDatabaseSetIconForPageURL` and `webkitFaviconDatabaseSetIconURLForPageURL` functions in `UIProcess/API/glib/WebKitFaviconDatabase.cpp` of WebKit, which is used in WebKitGTK+. The functions mishandle an unset `pageURL`, resulting in an application crash.
**Recommendations**
For WebKitGTK+ versions prior to 2.21.4, update to version 2.21.4 or later to resolve the issue.