QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12293

Published: Jun 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.webkit.org/show_bug.cgi?id=186384

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

https://trac.webkit.org/changeset/232618

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html

x_refsource_MISC

[oss-security] 20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.