ASA-2019-00285 – WebKit: Multiple memory corruption

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00285

Identifier(s)

ASA-2019-00285, CVE-2019-6237, WSA-2019-0003

Title

Multiple memory corruption

Vendor(s)

The WebKitGTK Team
The WPE WebKit Team

Product(s)

WebKitGTK
WPE WebKit

Affected version(s)

WebKitGTK before 2.24.1
WPE WebKit before 2.24.1

Fixed version(s)

WebKitGTK version 2.24.1
WPE WebKit version 2.24.1

Proof of concept

Unknown

Description

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

Technical details

Unknown

Credits

G. Geshev and Liu Long (Qihoo 360 Vulcan Team)

Reference(s)

[webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://lists.webkit.org/pipermail/webkit-gtk/2019-May/003502.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://webkitgtk.org/security/WSA-2019-0003.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://wpewebkit.org/security/WSA-2019-0003.html

CVE-2019-6237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6237

CVE-2019-6237
https://nvd.nist.gov/vuln/detail/CVE-2019-6237

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.