ASA-2019-00287 – WebKit: Multiple memory corruption

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00287

Identifier(s)

ASA-2019-00287, CVE-2019-8583, WSA-2019-0003

Title

Multiple memory corruption

Vendor(s)

The WebKitGTK Team
The WPE WebKit Team

Product(s)

WebKitGTK
WPE WebKit

Affected version(s)

WebKitGTK before 2.24.0
WPE WebKit before 2.24.0

Fixed version(s)

WebKitGTK version 2.24.0
WPE WebKit version 2.24.0

Proof of concept

Unknown

Description

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

Technical details

Unknown

Credits

sakura (Tencent Xuanwu Lab), jessica (Tencent Keen Lab) and dwfault (ADLab of Venustech)

Reference(s)

[webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://lists.webkit.org/pipermail/webkit-gtk/2019-May/003502.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://webkitgtk.org/security/WSA-2019-0003.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://wpewebkit.org/security/WSA-2019-0003.html

CVE-2019-8583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8583

CVE-2019-8583
https://nvd.nist.gov/vuln/detail/CVE-2019-8583

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.