Wpewebkit: >> Wpe Webkit >> 2.19.92 Security Vulnerabilities
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
CVSS Score
8.1
EPSS Score
0.025
Published
2019-01-14
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
CVSS Score
8.8
EPSS Score
0.401
Published
2018-06-19
Page 3