Vulnerabilities > CVE-2023-39928 - Use After Free vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-10-06

Updated: 2024-01-31

Summary

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Webkitgtk Webkitgtk Webkitgtk 2.40.5	1
OS	Debian Debian Debian Linux 11.0 Debian Debian Linux 12.0	2
OS	Fedoraproject Fedoraproject Fedora 37	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831
https://webkitgtk.org/security/WSA-2023-0009.html
https://www.debian.org/security/2023/dsa-5527
https://lists.fedoraproject.org/archives/list/[email protected]/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/
https://security.gentoo.org/glsa/202401-33