Vulnerability Description
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webkitgtk | Webkitgtk | <= 2.26.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/02/10/13Mailing ListThird Party Advisory
- https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7324.htmlThird Party Advisory
- https://www.openwall.com/lists/oss-security/2013/10/08/4Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/02/10/13Mailing ListThird Party Advisory
- https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7324.htmlThird Party Advisory
- https://www.openwall.com/lists/oss-security/2013/10/08/4Mailing ListThird Party Advisory
FAQ
What is CVE-2013-7324?
CVE-2013-7324 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...
How severe is CVE-2013-7324?
CVE-2013-7324 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7324?
Check the references section above for vendor advisories and patch information. Affected products include: Webkitgtk Webkitgtk.