Skip to main content

Webkitgtk CVE-2021-45481

MEDIUM
Memory Leak (CWE-401)
2021-12-25 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 25, 2021 - 01:15 nvd
MEDIUM 6.5

DescriptionNVD

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

AnalysisAI

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. Affected products include: Webkitgtk. Version information: before 2.32.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

CVE-2018-4162 HIGH POC
8.8 Apr 03

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2363 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2017-2373 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2365 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2019-8375 CRITICAL POC
9.8 Feb 24

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products

CVE-2017-2369 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2021-21806 HIGH POC
8.8 Jul 08

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.

CVE-2021-21779 HIGH POC
8.8 Jul 08

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Ra

CVE-2020-13584 HIGH POC
8.8 Dec 03

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.

CVE-2020-13543 HIGH POC
8.8 Dec 03

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CV

CVE-2018-12293 HIGH POC
8.8 Jun 19

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKi

CVE-2017-2360 HIGH POC
7.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati

Share

CVE-2021-45481 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy