WebKitGTK+ DoS / Code Execution / Bypass
Posted Jan 27, 2015
Authored by WebKitGTK+ Team

The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2927, CVE-2014-1292, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339
MD5 | 99aff3f520687cae562fab1e9205a6a6

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported     : January 26, 2015
Advisory ID       : WSA-2015-0001
Advisory URL      : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers   : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,
                    CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,
                    CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,
                    CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,
                    CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,
                    CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
                    CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,
                    CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,
                    CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,
                    CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,
                    CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,
                    CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,
                    CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,
                    CVE-2014-1389, CVE-2014-1390.

Several vulnerabilities were discovered in the 2.4 stable series of
WebKitGTK+.

CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.

CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than CVE-2014-1289,
CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.

CVE-2014-1298
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1299
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1300
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero working with HP's Zero Day
Initiative.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows
remote attackers to execute arbitrary code with root privileges via
unknown vectors, as demonstrated by Google during a Pwn4Fun
competition at CanSecWest 2014.

CVE-2014-1303
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to KeenTeam working with HP's Zero Day Initiative.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote
attackers to execute arbitrary code and bypass a sandbox protection
mechanism via unspecified vectors, as demonstrated by Liang Chen
during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1304
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1305
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1307
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1308
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1309
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1311
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1313
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.

CVE-2014-1713
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to VUPEN working with HP's Zero Day Initiative.
Use-after-free vulnerability in the AttributeSetter function in
bindings/templates/attributes.cpp in the bindings in Blink, as used
in Google Chrome before 33.0.1750.152 on OS X and Linux and before
33.0.1750.154 on Windows, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via vectors
involving the document.location value.

CVE-2014-1297
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
does not properly validate WebProcess IPC messages, which allows
remote attackers to bypass a sandbox protection mechanism and read
arbitrary files by leveraging WebProcess access.

CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in
Blink, as used in Google Chrome before 28.0.1500.71, allows remote
attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.

CVE-2013-2927
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
HTMLFormElement::prepareForSubmission function in
core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
before 30.0.1599.101, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors
related to submission for FORM elements.

CVE-2014-1323
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to banty.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1326
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1329
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1330
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1331
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1333
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1334
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1335
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1336
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1337
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1338
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1339
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Atte Kettunen of OUSPG.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1341
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1342
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1343
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1731
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to an anonymous member of the Blink development community.
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X
and before 34.0.1847.132 on Linux, does not properly check renderer
state upon a focus event, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that leverage "type confusion" for SELECT elements.

CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
does not properly interpret Unicode encoding, which allows remote
attackers to spoof a postMessage origin, and bypass intended
restrictions on sending a message to a connected frame or window,
via crafted characters in a URL.

CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.

CVE-2014-1384
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1385
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1387
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1388
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1389
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.

CVE-2014-1390
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.


For the 2.4 series, these problems have been fixed in release 2.4.8.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
January 26, 2015
