ASA-2019-00290 – WebKit: Multiple memory corruption

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00290

Identifier(s)

ASA-2019-00290, CVE-2019-8587, WSA-2019-0003

Title

Multiple memory corruption

Vendor(s)

The WebKitGTK Team
The WPE WebKit Team

Product(s)

WebKitGTK
WPE WebKit

Affected version(s)

WebKitGTK before 2.24.1
WPE WebKit before 2.24.1

Fixed version(s)

WebKitGTK version 2.24.1
WPE WebKit version 2.24.1

Proof of concept

Unknown

Description

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

Technical details

Unknown

Credits

G. Geshev (MWR labs)

Reference(s)

[webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://lists.webkit.org/pipermail/webkit-gtk/2019-May/003502.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://webkitgtk.org/security/WSA-2019-0003.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://wpewebkit.org/security/WSA-2019-0003.html

CVE-2019-8587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8587

CVE-2019-8587
https://nvd.nist.gov/vuln/detail/CVE-2019-8587

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.