INFSA-2025:2034: webkit2gtk3 security update
Information about definition
Identificator: INFSA-2025:2034
Type: security
Release date: 2025-03-17 13:22:43 UTC
Information about package
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Vulnerabilities description
- CVE-2024-54543
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
- CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
- CVE-2025-24150
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
- CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
- CVE-2025-24162
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-54543
|
no information | 8.8 | no information |
|
NIST — CVE-2025-24143
|
no information | 6.5 | no information |
|
NIST — CVE-2025-24150
|
no information | 8.8 | no information |
|
NIST — CVE-2025-24158
|
no information | 6.5 | no information |
|
NIST — CVE-2025-24162
|
no information | 8.8 | no information |
Updated packages