Debian DSA-4681-1 Critical: Webkit2gtk Arbitrary Code Execution

May 7, 2020
Important Debian DSA-4681-1 patch for webkit2gtk fixes numerous vulnerabilities. Immediate upgrade suggested.
The following vulnerabilities have been discovered in the webkit2gtk web engine:

Summary

CVE-2020-3885

Ryan Pickren discovered that a file URL may be incorrectly
processed.

CVE-2020-3894

Sergei Glazunov discovered that a race condition may allow an
application to read restricted memory.

CVE-2020-3895

grigoritchy discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2020-3897

Brendan Draper discovered that a remote attacker may be able to
cause arbitrary code execution.

CVE-2020-3899

OSS-Fuzz discovered that a remote attacker may be able to cause
arbitrary code execution.

CVE-2020-3900

Dongzhuo Zhao discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2020-3901

Benjamin Randazzo discovered that processing maliciously crafted
web content may lead to arbitrary code execution.

CVE-2020-3902

Yigit Can Yilmaz discovered that processing maliciously crafted
web content may lead to a cross site scripting attack.

For the stable distribution (buste...


Severity: critical

Package: webkit2gtk
CVE ID: CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897
