ASA-2019-00296 – WebKit: Out-of-bounds read


Allele Security Alert

ASA-2019-00296

Identifier(s)

ASA-2019-00296, CVE-2019-8607, WSA-2019-0003

Title

Out-of-bounds read

Vendor(s)

The WebKitGTK Team

Product(s)

WebKitGTK
WPE WebKit

Affected version(s)

WebKitGTK before 2.24.2
WPE WebKit before 2.24.2

Fixed version(s)

WebKitGTK version 2.24.2
WPE WebKit version 2.24.2

Proof of concept

Unknown

Description

Processing maliciously crafted web content may result in the disclosure of process memory. An out-of-bounds read was addressed with improved input validation.

Technical details

Unknown

Credits

Junho Jang (LINE Security Team) and Hanul Choi (LINE Security Team)

Reference(s)

[webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://lists.webkit.org/pipermail/webkit-gtk/2019-May/003502.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://webkitgtk.org/security/WSA-2019-0003.html

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
https://wpewebkit.org/security/WSA-2019-0003.html

CVE-2019-8607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8607

CVE-2019-8607
https://nvd.nist.gov/vuln/detail/CVE-2019-8607


Last modified: May 22, 2019
