Severity: Critical
Date : 2022-07-29
CVE-ID : CVE-2022-32792 CVE-2022-32816
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2790
The package webkit2gtk before version 2.36.5-1 is vulnerable to
multiple issues including arbitrary code execution and content
spoofing.
Upgrade to 2.36.5-1.
The problems have been fixed upstream in version 2.36.5.
Workaround: None.
Processing maliciously crafted web content may lead to arbitrary code
execution.
Visiting a website that frames malicious content may lead to UI
spoofing.
An attacker is able to remotely execute arbitrary code on an affected
host and spoof a website’s content by using maliciously crafted web
content.
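A host-side check for this advisory, added here as an example (it is not part of the advisory or of Arch's tooling): it compares the installed webkit2gtk version with the fixed 2.36.5-1 and lists processes that still map the pre-upgrade library. The function names, the `--check` switch and the `libwebkit2gtk-` library name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: check one Arch host against this advisory.
FIXED="2.36.5-1"   # first fixed package version, taken from the advisory

# is_affected VERSION: succeeds when VERSION is older than $FIXED.
# Uses pacman's vercmp when present. The fallback (GNU sort -V) is an
# approximation that is adequate for plain pkgver-pkgrel strings, not epochs.
is_affected() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -lt 0 ]
    else
        [ "$1" != "$FIXED" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
    fi
}

# stale_pids [PROCROOT]: print PIDs whose memory map still references a
# deleted libwebkit2gtk, i.e. processes started before the upgrade.
# The library name pattern is an assumption of this example.
stale_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libwebkit2gtk-.*(deleted)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# check_host: report the state of the local machine; non-zero if vulnerable.
check_host() {
    installed=$(pacman -Q webkit2gtk 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "webkit2gtk is not installed"; return 0; }
    if is_affected "$installed"; then
        echo "VULNERABLE: webkit2gtk $installed is older than $FIXED"
        return 1
    fi
    echo "OK: webkit2gtk $installed"
    stale=$(stale_pids)
    [ -z "$stale" ] || echo "Restart needed, old library still mapped by:" $stale
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it as root so that the memory maps of every user's processes are readable.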
https://webkitgtk.org/security/WSA-2022-0007.html
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816
https://security.archlinux.org/CVE-2022-32792
https://security.archlinux.org/CVE-2022-32816
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | webkit2gtk | < 2.36.5-1 | UNKNOWN |