
WebKitGTK+ DoS / Code Execution / Bypass
Posted Jan 27, 2015
Authored by WebKitGTK+ Team

The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2927, CVE-2014-1292, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339
SHA-256 | 326b02ff487ef267ea4187e1de17d0c6aac589a200b5be40f35cf8784fed3930

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,
CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,
CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,
CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,
CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,
CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,
CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,
CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,
CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,
CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,
CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,
CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,
CVE-2014-1389, CVE-2014-1390.

Several vulnerabilities were discovered in the 2.4 stable series of
WebKitGTK+.

CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.

CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than CVE-2014-1289,
CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.

CVE-2014-1298
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1299
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1300
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero working with HP's Zero Day
Initiative.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows
remote attackers to execute arbitrary code with root privileges via
unknown vectors, as demonstrated by Google during a Pwn4Fun
competition at CanSecWest 2014.

CVE-2014-1303
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to KeenTeam working with HP's Zero Day Initiative.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote
attackers to execute arbitrary code and bypass a sandbox protection
mechanism via unspecified vectors, as demonstrated by Liang Chen
during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1304
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1305
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1307
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1308
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1309
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1311
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1313
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1713
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to VUPEN working with HP's Zero Day Initiative.
Use-after-free vulnerability in the AttributeSetter function in
bindings/templates/attributes.cpp in the bindings in Blink, as used
in Google Chrome before 33.0.1750.152 on OS X and Linux and before
33.0.1750.154 on Windows, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via vectors
involving the document.location value.

CVE-2014-1297
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
does not properly validate WebProcess IPC messages, which allows
remote attackers to bypass a sandbox protection mechanism and read
arbitrary files by leveraging WebProcess access.

CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in
Blink, as used in Google Chrome before 28.0.1500.71, allows remote
attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.

CVE-2013-2927
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
HTMLFormElement::prepareForSubmission function in
core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
before 30.0.1599.101, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors
related to submission for FORM elements.

CVE-2014-1323
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to banty.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1326
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1329
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1330
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1331
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1333
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1334
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1335
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1336
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1337
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1338
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1339
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Atte Kettunen of OUSPG.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1341
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1342
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1343
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1731
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to an anonymous member of the Blink development community.
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X
and before 34.0.1847.132 on Linux, does not properly check renderer
state upon a focus event, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that leverage "type confusion" for SELECT elements.

CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
does not properly interpret Unicode encoding, which allows remote
attackers to spoof a postMessage origin, and bypass intended
restrictions on sending a message to a connected frame or window,
via crafted characters in a URL.

CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1384
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1385
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1387
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1388
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1389
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1390
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.


For the 2.4 series, these problems have been fixed in release 2.4.8.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
January 26, 2015
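
The advisory fixes its CVEs in three different point releases (2.4.1, 2.4.2 and 2.4.8), so an installed 2.4.x build can be exposed to only part of the list. The following triage sketch is an added example, not code from the WebKitGTK+ team: it parses entries in the layout used above and reports which CVEs remain unfixed for a given installed version. The function names are hypothetical, and the embedded text is a constructed excerpt of four entries from this advisory.

```python
import re

# Constructed excerpt in the advisory's own entry layout (four of its entries).
ADVISORY_EXCERPT = """\
CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.

CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.

CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.

CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
"""

# A CVE id on its own line, followed by the "Versions affected" line.
ENTRY_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})[ \t]*\n"
    r"Versions affected: WebKitGTK\+ 2\.4\.X before (\d+(?:\.\d+)+)\.[ \t]*$",
    re.MULTILINE,
)

def parse_version(text):
    """'2.4.10' -> (2, 4, 10); compared numerically so 2.4.10 > 2.4.8."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def parse_entries(advisory_text):
    """Return {cve_id: fixed_in_version_tuple} for every entry found."""
    return {cve: parse_version(v) for cve, v in ENTRY_RE.findall(advisory_text)}

def unfixed_cves(installed, advisory_text):
    """CVEs from the advisory still present in an installed 2.4.x version."""
    have = parse_version(installed)
    if have[:2] != (2, 4):
        raise ValueError("this advisory only covers the 2.4 series")
    fixes = parse_entries(advisory_text)
    return sorted(cve for cve, fixed_in in fixes.items() if have < fixed_in)

if __name__ == "__main__":
    for version in ("2.4.0", "2.4.1", "2.4.7", "2.4.8"):
        print(version, unfixed_cves(version, ADVISORY_EXCERPT))
```

Feeding the full advisory text instead of the excerpt gives the complete per-version exposure list; anything below 2.4.8 still carries at least the entries marked "before 2.4.8".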
