exploit the possibilities

WebKitGTK+ / WPE WebKit Code Execution

WebKitGTK+ / WPE WebKit Code Execution
Posted May 21, 2019
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623
MD5 | 4efa5f06b30e1cade3b477e41a750ae0

WebKitGTK+ / WPE WebKit Code Execution

Change Mirror Download
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
------------------------------------------------------------------------

Date reported : May 20, 2019
Advisory ID : WSA-2019-0003
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0003.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0003.html
CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583,
CVE-2019-8584, CVE-2019-8586, CVE-2019-8587,
CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,
CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8615, CVE-2019-8611, CVE-2019-8619,
CVE-2019-8622, CVE-2019-8623.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2019-6237
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative,
Liu Long of Qihoo 360 Vulcan Team.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8571
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to 01 working with Trend Micro's Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8583
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of
Tencent Keen Lab, and dwfault working at ADLab of Venustech.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8584
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8586
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to an anonymous researcher.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8587
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8594
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy
Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8595
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8596
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8597
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to 01 working with Trend Micro Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8601
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Fluoroacetate working with Trend Micro's Zero Day
Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8607
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Junho Jang and Hanul Choi of LINE Security Team.
Processing maliciously crafted web content may result in the
disclosure of process memory. An out-of-bounds read was addressed
with improved input validation.

CVE-2019-8608
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8609
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Wen Xu of SSLab, Georgia Tech.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8610
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Anonymous working with Trend Micro Zero Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8615
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro's Zero
Day Initiative.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8611
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Groß of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8619
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8622
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Groß of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.

CVE-2019-8623
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Groß of Google Project Zero.
Processing maliciously crafted web content may lead to arbitrary
code execution. Multiple memory corruption issues were addressed
with improved memory handling.


We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,
May 20, 2019


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    14 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close