CVE-2018-12293
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
Affected products
n/a · n/a
Public PoCs found — 3
cve_reference · packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html · unverified
cve_reference · www.exploit-db.com/exploits/45205/ · unverified
exploitdb · www.exploit-db.com/exploits/45205 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html
https://bugs.webkit.org/show_bug.cgi?id=186384
https://security.gentoo.org/glsa/201808-04
https://trac.webkit.org/changeset/232618
https://usn.ubuntu.com/3687-1/
https://www.exploit-db.com/exploits/45205/
http://www.openwall.com/lists/oss-security/2018/06/14/1
http://www.securityfocus.com/archive/1/542087/100/0/threaded