CVE-2018-11646
Last modified
CVE-2018-11646 is a vulnerability of currently unknown severity. webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.. EPSS estimates a 69.02% chance of exploitation in the next 30 days.
Description
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webkitgtk | Webkitgtk\+ | <= 2.21.3 |
References
- https://bugs.webkit.org/show_bug.cgi?id=186164Issue Tracking, Patch, Vendor Advisory
- https://bugzilla.gnome.org/show_bug.cgi?id=795740Exploit, Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/201808-04Third Party Advisory
- https://www.exploit-db.com/exploits/44842/Exploit, Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/44876/Exploit, Third Party Advisory, VDB Entry
- https://bugs.webkit.org/show_bug.cgi?id=186164Issue Tracking, Patch, Vendor Advisory
- https://bugzilla.gnome.org/show_bug.cgi?id=795740Exploit, Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/201808-04Third Party Advisory
- https://www.exploit-db.com/exploits/44842/Exploit, Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/44876/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11646?
How severe is CVE-2018-11646?
How do I fix CVE-2018-11646?
Are you affected by CVE-2018-11646?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST