ASA-2019-00291 – WebKit: Multiple memory corruption

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00291

Identifier(s)

ASA-2019-00291, CVE-2019-8594, WSA-2019-0003

Title

Multiple memory corruption

Vendor(s)

The WebKitGTK Team
The WPE WebKit Team

Product(s)

WebKitGTK
WPE WebKit

Affected version(s)

WebKitGTK before 2.24.0
WPE WebKit before 2.24.0

Fixed version(s)

WebKitGTK version 2.24.0
WPE WebKit version 2.24.0

Proof of concept

Unknown

Description

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

Technical details

Unknown

Credits

Suyoung Lee (KAIST Web Security & Privacy Lab), Sooel Son (KAIST Web Security & Privacy Lab), HyungSeok Han (KAIST SoftSec Lab) and Sang Kil Cha (KAIST SoftSec Lab)

Reference(s)

[webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://lists.webkit.org/pipermail/webkit-gtk/2019-May/003502.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://webkitgtk.org/security/WSA-2019-0003.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://wpewebkit.org/security/WSA-2019-0003.html

CVE-2019-8594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8594

CVE-2019-8594
https://nvd.nist.gov/vuln/detail/CVE-2019-8594

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.