2357913 – (CVE-2025-24213) CVE-2025-24213 webkitgtk: A type confusion issue could lead to memory corruption

Bug 2357913 (CVE-2025-24213) - CVE-2025-24213 webkitgtk: A type confusion issue could lead to memory corruption

Summary: CVE-2025-24213 webkitgtk: A type confusion issue could lead to memory corruption

Keywords:
Status:	NEW
Alias:	CVE-2025-24213
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2357995 2357996
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-07 14:29 UTC by OSIDB Bzimport
Modified:	2025-04-08 13:44 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-07 14:29:53 UTC

This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption.

Comment 1 Michael Catanzaro 2025-04-08 01:12:56 UTC

This CVE is fixed only on ARM architectures by https://github.com/WebKit/WebKit/commit/4c65775f049beec4fe0a50c1243dcfa634bf33e1. x86_64 is not vulnerable. x86 is not vulnerable when the SSE2 instruction set is enabled. Other architectures remain vulnerable. The fix for this CVE causes the build to fail on 32-bit ARM architectures.

Note You need to log in before you can comment on or make changes to this bug.