Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-5155-1 wpewebkit -- security update

Related Vulnerabilities: CVE-2022-26700   CVE-2022-26709   CVE-2022-26716   CVE-2022-26717   CVE-2022-26719   CVE-2022-30293   CVE-2022-30294  

The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-26700 ryuzaki discovered that processing maliciously crafted web content may lead to code execution. CVE-2022-26709 Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-26716 SorryMybad discovered that Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-26717 Jeonghoon Shin discovered that Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-26719 Dongzhuo Zhao discovered that Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-30293 Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution or to a denial of service (application crash). CVE-2022-30294 Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution or to a denial of service (application crash). For the stable distribution (bullseye), these problems have been fixed in version 2.36.3-1~deb11u1. We recommend that you upgrade your wpewebkit packages. For the detailed security status of wpewebkit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpewebkit

Source

Debian Security Advisory

DSA-5155-1 wpewebkit -- security update

Date Reported:
01 Jun 2022
Affected Packages:
wpewebkit
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-30294.
More information:

The following vulnerabilities have been discovered in the WPE WebKit web engine:

  • CVE-2022-26700

    ryuzaki discovered that processing maliciously crafted web content may lead to code execution.

  • CVE-2022-26709

    Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-26716

    SorryMybad discovered that Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-26717

    Jeonghoon Shin discovered that Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-26719

    Dongzhuo Zhao discovered that Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-30293

    Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution or to a denial of service (application crash).

  • CVE-2022-30294

    Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution or to a denial of service (application crash).

For the stable distribution (bullseye), these problems have been fixed in version 2.36.3-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpewebkit

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started