CVE-2017-1000121

Name of the Vulnerable Software and Affected Versions WebKitGTK+ versions prior to 2.16.3

Description The issue arises from improper validation of message size metadata in the UNIX IPC layer of WebKit, including WebKitGTK+. This allows a compromised secondary process to trigger an integer overflow, leading to a subsequent buffer overflow in the UI process. It is noted that this issue does not affect Apple products.

Recommendations For WebKitGTK+ versions prior to 2.16.3, update to version 2.16.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC::Connection::processMessage function until a patch is available.