PT-2021-5827 · Webkitgtk+10

Marcin Towalski · Published 2021-02-12 · Updated 2022-07-21 · CVE-2021-21779

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

WebKitGTK version 2.30.4

Description

A use-after-free vulnerability exists in the way WebKit's GraphicsContext handles certain events. This can lead to a potential information leak and further memory corruption when a victim visits a specially crafted web page. The vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For WebKitGTK version 2.30.4, update to a version with improved memory management to address the use-after-free issue. As a temporary workaround, consider restricting access to potentially malicious web pages to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2021:4381
ALT-PU-2021-1311
BDU:2022-00324
CESA-2021_4381
CVE-2021-21779
DSA-4945-1
MGASA-2021-0400
OPENSUSE-SU-2021:1101-1
OPENSUSE-SU-2021:2598-1
OPENSUSE-SU-2021_1101-1
OPENSUSE-SU-2021_2598-1
RHSA-2021:4381
RHSA-2021_4381
RHSA-2025:10364
RLSA-2021:4381
SUSE-SU-2021:2598-1
SUSE-SU-2021:2600-1
SUSE-SU-2021:2762-1
USN-5024-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
Rocky Linux
SUSE
Ubuntu
WebKitGTK