Bug 1188293 - (CVE-2021-21779) VUL-0: CVE-2021-21779: webkit2gtk3: WebCore::GraphicsContext use-after-free vulnerability
Status: RESOLVED DUPLICATE of bug 1188697
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/303973/
Reported: 2021-07-14 06:43 UTC by Alexander Bergmann
Modified: 2021-07-26 10:15 UTC

Found By: Security Response Team


Description Alexander Bergmann 2021-07-14 06:43:19 UTC
CVE-2021-21779

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext
handles certain events in WebKitGTK 2.30.4. A specially crafted web page can
lead to a potential information leak and further memory corruption. A victim
must be tricked into visiting a malicious web page to trigger this
vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
Comment 1 Alexander Bergmann 2021-07-14 06:44:54 UTC
There is currently no security advisory at WebKitGTK mentioning this issue.

https://webkitgtk.org/security.html

It is unclear which version fixes this issue.
Comment 2 Robert Frohl 2021-07-26 10:15:06 UTC
closing as duplicate in favor of bsc#1188697

*** This bug has been marked as a duplicate of bug 1188697 ***