Bug 1577374 – CVE-2018-4204 webkitgtk: memory corruption processing maliciously crafted web content

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1577374 - (CVE-2018-4204) CVE-2018-4204 webkitgtk: memory corruption processing maliciously crafted web content

Summary:	CVE-2018-4204 webkitgtk: memory corruption processing maliciously crafted web...

Status:	NEW

Aliases:	CVE-2018-4204

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20180507,repor...
Keywords:	Reopened, Security

Depends On:	1577388 1577762 1577375 1577376 1577377 1577378 1577379 1577380 1577763 1577764
Blocks:	1577390
	Show dependency tree / graph

Reported:	2018-05-11 16:29 EDT by Laura Pardo
Modified:	2018-07-31 11:33 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:	webkitgtk 2.20.1
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-06-07 22:43:29 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Laura Pardo 2018-05-11 16:29:35 EDT

A flaw was found in WebKitGTK+ before version 2.20.1. A memory corruption issue when processing maliciously crafted web content may lead to arbitrary code execution.


References:
https://webkitgtk.org/security/WSA-2018-0004.html

Comment 1 Laura Pardo 2018-05-11 16:30:15 EDT

Created mingw-webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 1577375]


Created mingw-webkitgtk3 tracking bugs for this issue:

Affects: fedora-all [bug 1577380]


Created webkitgtk tracking bugs for this issue:

Affects: epel-all [bug 1577378]
Affects: fedora-all [bug 1577377]


Created webkitgtk4 tracking bugs for this issue:

Affects: fedora-all [bug 1577379]

Comment 4 Huzaifa S. Sidhpurwala 2018-05-14 02:40:50 EDT

Upstream bug report:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1522

Comment 6 Michael Catanzaro 2018-05-14 08:44:31 EDT

(In reply to Huzaifa S. Sidhpurwala from comment #4)
> Upstream bug report:
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1522

That issue has a different CVE identifier.

The upstream report we have on record is https://bugs.webkit.org/show_bug.cgi?id=183657.

Note You need to log in before you can comment on or make changes to this bug.