CVE-2022-22677

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions WPE WebKit versions prior to 2.36.4 WebKitGTK versions prior to 2.36.4

Description The issue is related to errors in resource release, allowing a remote attacker to impact data integrity. It involves a logic problem in handling concurrent media, which has been addressed with improved state handling. This may cause interruptions in video self-preview during a webRTC call if the user answers a phone call.

Recommendations For WPE WebKit versions prior to 2.36.4, update to version 2.36.4 or later. For WebKitGTK versions prior to 2.36.4, update to version 2.36.4 or later. As a temporary workaround, consider disabling the handling of concurrent media in webRTC calls until a patch is available.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2024-07314

CVE-2022-22677

DSA-5182-1

DSA-5183-1

MGASA-2022-0254

OPENSUSE-SU-2022_2523-1

OPENSUSE-SU-2022_2525-1

RHSA-2025:10364

SUSE-SU-2022:2522-1

SUSE-SU-2022:2523-1

SUSE-SU-2022:2524-1

SUSE-SU-2022:2525-1

USN-5522-1

Affected Products

Astra Linux

Linuxmint

Apple Macos

Suse

Ubuntu

Wpe Webkit

Webkitgtk

CVE-2022-22677

Weakness Enumeration

Related Identifiers

Affected Products

References · 36