Bug 2302070 (CVE-2024-40779) - CVE-2024-40779 webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
Summary: CVE-2024-40779 webkitgtk: webkit2gtk: Out-of-bounds read was addressed with i...
Keywords:
Status: NEW
Alias: CVE-2024-40779
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2302095 2302098 2302103
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-31 15:43 UTC by Patrick Del Bello
Modified: 2024-08-27 19:24 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2024-07-31 15:43:48 UTC
Description: An out-of-bounds read was addressed with improved bounds checking.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash.

Comment 1 Michael Catanzaro 2024-07-31 16:53:37 UTC
Fixed by https://github.com/WebKit/WebKit/commit/2fe5ae29a5f6434ef456afe9673a4f400ec63848 (HeapBufferOverflow in computeSampleUsingLinearInterpolation)


Note You need to log in before you can comment on or make changes to this bug.