
WebKitGTK+ DoS / Code Execution / Bypass

Posted Jan 27, 2015
Authored by WebKitGTK+ Team

The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2927, CVE-2014-1292, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339
MD5 | 99aff3f520687cae562fab1e9205a6a6

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,
CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,
CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,
CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,
CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,
CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,
CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,
CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,
CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,
CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,
CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,
CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,
CVE-2014-1389, CVE-2014-1390.

Several vulnerabilities were discovered in the 2.4 stable series of
WebKitGTK+.

CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.

CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than CVE-2014-1289,
CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.

CVE-2014-1298
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1299
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1300
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero working with HP's Zero Day
Initiative.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows
remote attackers to execute arbitrary code with root privileges via
unknown vectors, as demonstrated by Google during a Pwn4Fun
competition at CanSecWest 2014.

CVE-2014-1303
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to KeenTeam working with HP's Zero Day Initiative.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote
attackers to execute arbitrary code and bypass a sandbox protection
mechanism via unspecified vectors, as demonstrated by Liang Chen
during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1304
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1305
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1307
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1308
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1309
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1311
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1313
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1713
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to VUPEN working with HP's Zero Day Initiative.
Use-after-free vulnerability in the AttributeSetter function in
bindings/templates/attributes.cpp in the bindings in Blink, as used
in Google Chrome before 33.0.1750.152 on OS X and Linux and before
33.0.1750.154 on Windows, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via vectors
involving the document.location value.

CVE-2014-1297
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
does not properly validate WebProcess IPC messages, which allows
remote attackers to bypass a sandbox protection mechanism and read
arbitrary files by leveraging WebProcess access.

CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in
Blink, as used in Google Chrome before 28.0.1500.71, allows remote
attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.

CVE-2013-2927
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
HTMLFormElement::prepareForSubmission function in
core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
before 30.0.1599.101, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors
related to submission for FORM elements.

CVE-2014-1323
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to banty.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1326
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1329
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1330
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1331
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1333
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1334
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1335
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1336
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1337
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1338
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1339
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Atte Kettunen of OUSPG.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1341
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1342
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1343
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1731
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to an anonymous member of the Blink development community.
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X
and before 34.0.1847.132 on Linux, does not properly check renderer
state upon a focus event, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that leverage "type confusion" for SELECT elements.

CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
does not properly interpret Unicode encoding, which allows remote
attackers to spoof a postMessage origin, and bypass intended
restrictions on sending a message to a connected frame or window,
via crafted characters in a URL.

CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1384
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1385
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1387
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1388
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1389
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1390
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.


For the 2.4 series, these problems have been fixed in release 2.4.8.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
January 26, 2015
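
Added example (not part of the WebKitGTK+ advisory or the project's code): a small triage helper that parses entries in the advisory's "CVE id / Versions affected ... before X" layout and lists which CVEs remain unfixed for a given installed version. The function names and the abridged excerpt are assumptions made for the example; the installed version string is supplied by the caller.

```python
import re

# Entries copied from the advisory above (abridged subset), in its plain-text layout.
ADVISORY_EXCERPT = """\
CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.

CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
web site, a different vulnerability than CVE-2014-1289,
CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.

CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.

CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.

CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
"""

# A CVE id alone on a line, followed by its "Versions affected" line.
# CVE ids that only appear inside a description do not match.
ENTRY_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})[ \t]*\n"
    r"[ \t]*Versions affected: WebKitGTK\+ (\d+\.\d+)\.X before (\d+(?:\.\d+)+)\.[ \t]*$",
    re.MULTILINE,
)

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple: '2.4.7-1' -> (2, 4, 7)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def parse_entries(advisory_text):
    """Yield (cve, series, fixed_in) for each entry, in advisory order."""
    for cve, series, fixed_in in ENTRY_RE.findall(advisory_text):
        yield cve, parse_version(series), parse_version(fixed_in)

def triage(installed, advisory_text=ADVISORY_EXCERPT):
    """List the advisory's CVEs still unfixed in the installed version."""
    have = parse_version(installed)
    entries = list(parse_entries(advisory_text))
    # The advisory only covers the series it names; other series are
    # reported as out of scope rather than as clean.
    in_scope = any(have[:2] == series for _, series, _ in entries)
    unfixed = [cve for cve, series, fixed_in in entries
               if have[:2] == series and have < fixed_in]
    return {"in_scope": in_scope, "unfixed": unfixed}

if __name__ == "__main__":
    for version in ("2.4.0", "2.4.1", "2.4.7-1", "2.4.8", "2.6.0"):
        print(version, triage(version))
```

Passing the full advisory text as the second argument instead of the excerpt evaluates every entry listed above.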
