PT-2019-2585 · Gtk++4 · Webkitgtk+4
Dhiraj · Published 2019-02-14 · Updated 2024-06-15 · CVE-2019-8375
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
WebKitGTK+ versions prior to 2.22.7
WebKitGTK versions prior to 2.23.91
Description
The issue is caused by a buffer overflow in the UIProcess subsystem of WebKitGTK+, allowing a remote attacker to potentially cause a denial of service or impact the confidentiality and integrity of protected information. The problem is related to the script dialog size exceeding the web view size. This issue affects products such as GNOME Web (also known as Epiphany).
Recommendations
For WebKitGTK+ versions prior to 2.22.7, update to version 2.22.7 or later to resolve the issue.
For WebKitGTK versions prior to 2.23.91, update to version 2.23.91 or later to resolve the issue.
As a temporary workaround, consider restricting access to the UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp modules until a patch is available.
Exploit
Fix
DoS
Buffer Overflow
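One way to triage a package inventory against the fixed versions given under Recommendations, as an added example that is not part of the original advisory. The host names and inventory lines are constructed, and checking 2.23.x against 2.23.91 while checking every other series against 2.22.7 is an assumption about how the two listed ranges combine.

```python
import re

FIXED_STABLE = (2, 22, 7)   # advisory: WebKitGTK+ versions prior to 2.22.7
FIXED_DEVEL = (2, 23, 91)   # advisory: WebKitGTK versions prior to 2.23.91

# Constructed sample inventory: "<host> <package> <package version>"
SAMPLE_INVENTORY = """
ws-01 libwebkit2gtk-4.0-37 2.22.6-1ubuntu1
ws-02 libwebkit2gtk-4.0-37 2.22.7-0ubuntu0.18.04.1
ws-03 webkit2gtk3 2.23.90-1
ws-04 webkit2gtk3 2.23.91-1
ws-05 libwebkit2gtk-4.0-37 1:2.20.5-2
ws-06 libwebkit2gtk-4.0-37 unknown
"""

def upstream_version(pkg_version):
    """Return (major, minor, patch) from a distro package version string.

    Drops an optional epoch ("1:") and ignores the distro revision
    ("-1ubuntu1"). Returns None when no x.y.z version is present.
    """
    without_epoch = pkg_version.split(":", 1)[-1]
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", without_epoch)
    return tuple(int(part) for part in match.groups()) if match else None

def is_affected(version):
    """Assumption: 2.23.x is compared with 2.23.91, all else with 2.22.7."""
    if version[:2] == (2, 23):
        return version < FIXED_DEVEL
    return version < FIXED_STABLE

def triage(inventory_text):
    """Classify each inventory line as affected, fixed or unknown."""
    results = []
    for line in inventory_text.strip().splitlines():
        host, package, pkg_version = line.split()
        version = upstream_version(pkg_version)
        if version is None:
            status = "unknown"   # unparsable version: needs manual review
        elif is_affected(version):
            status = "affected"
        else:
            status = "fixed"
        results.append((host, package, status))
    return results

if __name__ == "__main__":
    for host, package, status in triage(SAMPLE_INVENTORY):
        print(f"{host:6} {package:22} {status}")
```

Distribution packages can carry a backported fix without changing the upstream version number, so an "affected" result here means the vendor's own advisory for that package still needs checking.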
Affected Products
Alt Linux
Gnome Web
Suse
Ubuntu
Webkitgtk