INFSA-2025:3713: webkit2gtk3 security update

Information about definition

Identifier: INFSA-2025:3713

Type: security

Release date: 2025-04-29 14:19:30 UTC

Information about package

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Vulnerabilities description

  • CVE-2024-44192

    The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2024-54467

    A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

  • CVE-2024-54551

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

  • CVE-2025-24208

    A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.

  • CVE-2025-24209

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-24216

    A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

  • CVE-2025-30427

    A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.

Severity level

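CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
CVE-2024-44192 | no information | 8.8 | no information
CVE-2024-54467 | no information | 6.5 | no information
CVE-2024-54551 | no information | 6.5 | no information
CVE-2025-24208 | no information | 6.1 | no information
CVE-2025-24209 | no information | 8.8 | no information
CVE-2025-24216 | no information | 8.8 | no information
CVE-2025-30427 | no information | 8.8 | no information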

Updated packages