Vulnerability Description
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webkitgtk | Webkitgtk | 2.40.5 |
| Debian | Debian Linux | 11.0 |
| Fedoraproject | Fedora | 37 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202401-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831Third Party Advisory
- https://webkitgtk.org/security/WSA-2023-0009.htmlVendor Advisory
- https://www.debian.org/security/2023/dsa-5527Third Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202401-33
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831Third Party Advisory
- https://webkitgtk.org/security/WSA-2023-0009.htmlVendor Advisory
- https://www.debian.org/security/2023/dsa-5527Third Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1831
FAQ
What is CVE-2023-39928?
CVE-2023-39928 is a vulnerability with a CVSS score of 8.8 (HIGH). A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrar...
How severe is CVE-2023-39928?
CVE-2023-39928 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-39928?
Check the references section above for vendor advisories and patch information. Affected products include: Webkitgtk Webkitgtk, Debian Debian Linux, Fedoraproject Fedora.