PT-2022-3506 · Apple+7 · WebKitGTK+8

Chijin Zhou · Published 2022-04-22 · Updated 2022-11-15 · CVE-2022-30293

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WebKitGTK versions through 2.36.0
WPE WebKit versions through 2.36.0

Description

The issue is a heap-based buffer overflow in the WebCore::TextureMapperLayer::setContentsLayer function, located in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp, which is part of the WebKitGTK and WPE WebKit modules for rendering web pages. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations

For WebKitGTK versions through 2.36.0, update to a version later than 2.36.0 to resolve the issue.
For WPE WebKit versions through 2.36.0, update to a version later than 2.36.0 to resolve the issue.
As a temporary workaround, consider disabling the WebCore::TextureMapperLayer::setContentsLayer function until a patch is available.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2022:7704
ALSA-2022:8054
ALT-PU-2022-1740
ALT-PU-2022-2162
BDU:2022-04287
CESA-2022_7704
CVE-2022-30293
DSA-5154-1
DSA-5155-1
OESA-2022-1698
OPENSUSE-SU-2022_2071-1
OPENSUSE-SU-2022_2072-1
RHSA-2022:7704
RHSA-2022:8054
RHSA-2022_7704
RHSA-2022_8054
RHSA-2025:10364
RLSA-2022:7704
RLSA-2022:8054
SUSE-SU-2022:2030-1
SUSE-SU-2022:2071-1
SUSE-SU-2022:2072-1
SUSE-SU-2022:2089-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Rocky Linux
SUSE
WPE WebKit
WebKitGTK