WebKitGTK+ Security Advisory WSA-2017-0007

• Date Reported: August 25, 2017

• Advisory ID: WSA-2017-0007

• CVE identifiers: CVE-2017-1000121, CVE-2017-1000122.

Several vulnerabilities were discovered in WebKitGTK+.

• CVE-2017-1000121
  • Versions affected: WebKitGTK+ before 2.16.3.
  • Credit to Nathan Crandall.
  • Impact: Processing maliciously crafted input may lead to arbitrary code execution or application crash. Description: An input validation issue on the handling of UNIX IPC messages may allow an attacker to trigger an integer overflow. The issue was addressed through improved state management.
• CVE-2017-1000122
  • Versions affected: WebKitGTK+ before 2.16.3.
  • Credit to Nathan Crandall.
  • Impact: Processing maliciously crafted input may lead to application crash. Description: An input validation issue on the handling of UNIX IPC messages allows an attacker to trigger an application crash. The issue was addressed through improved state management.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html