PT-2021-5834 · Webkitgtk+9

Marcin Towalski · Published 2021-02-12 · Updated 2024-06-15 · CVE-2021-21775

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WebKitGTK version 2.30.4

Description

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of WebKit. This vulnerability can be exploited by a remote attacker, allowing them to access confidential data, compromise data integrity, and cause a denial of service. A specially crafted web page can lead to a potential information leak and further memory corruption. To trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

Recommendations

For WebKitGTK version 2.30.4, consider disabling the ImageLoader object until a patch is available to prevent potential information leaks and memory corruption. Restrict access to malicious web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2021:4381
ALT-PU-2021-1311
BDU:2022-00344
CESA-2021_4381
CVE-2021-21775
DSA-4945-1
MGASA-2021-0400
OPENSUSE-SU-2021:1101-1
OPENSUSE-SU-2021:2598-1
OPENSUSE-SU-2021_1101-1
OPENSUSE-SU-2021_2598-1
OPENSUSE-SU-2024:11506-1
RHSA-2021:4381
RHSA-2021_4381
RHSA-2025:10364
RLSA-2021:4381
SUSE-SU-2021:2598-1
SUSE-SU-2021:2600-1
SUSE-SU-2021:2762-1
USN-5024-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Webkitgtk