QwikSec

Security Database

CVE

CWE

Training

CVE-2021-21775

Published: Jul 7, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

6.8

MEDIUM

Description

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

Vendor	Product	Versions
n/a	Webkit	affected `Webkit WebKitGTK 2.30.4`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229

x_refsource_MISC

[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004

mailing-list

x_refsource_MLIST

FEDORA-2021-cf7d8c7b1a

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

FEDORA-2021-3de956ceee

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.