INFSA-2025:0145: webkit2gtk3 security update
Information about definition
Identificator: INFSA-2025:0145
Type: security
Release date: 2025-01-21 17:58:04 UTC
Information about package
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Vulnerabilities description
- CVE-2024-54479
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54502
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54505
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-54508
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-54479
|
no information | 7.5 | no information |
|
NIST — CVE-2024-54502
|
no information | 6.5 | no information |
|
NIST — CVE-2024-54505
|
no information | 8.8 | no information |
|
NIST — CVE-2024-54508
|
no information | 6.5 | no information |
Updated packages