Lucene search
Jeonghoon Shin at TheoriZDI-22-517HistoryMar 22, 2022 - 12:00 a.m.
Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-03-2200:00:00
Jeonghoon Shin at Theori
www.zerodayinitiative.com
34
apple safari
webglmultidraw
buffer overflow
remote code execution
user interaction
validation
heap-based buffer
EPSS
0.004
Percentile
72.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.
References
Related
prion
prion
Buffer overflow
2022-09-23 20:15:00
debiancve
debiancve
CVE-2022-22629
2022-09-23 20:15:09
redhatcve
redhatcve
CVE-2022-22629
2022-04-11 05:32:04
nvd
nvd
CVE-2022-22629
2022-09-23 20:15:09
veracode
veracode
Buffer Overflow
2022-04-18 18:41:58
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Apple Itunes
2022-09-09 17:21:27
cve
cve
CVE-2022-22629
2022-09-23 20:15:09
alpinelinux
alpinelinux
CVE-2022-22629
2022-09-23 20:15:09
ubuntucve
ubuntucve
CVE-2022-22629
2022-04-08 00:00:00
cvelist
cvelist
CVE-2022-22629
2022-09-23 19:02:49
debian
debian
[SECURITY] [DSA 5115-1] webkit2gtk security update
2022-04-08 23:36:49
[SECURITY] [DSA 5116-1] wpewebkit security update
2022-04-08 23:37:04
osv
osv
webkit2gtk - security update
2022-04-08 00:00:00
wpewebkit - security update
2022-04-08 00:00:00
webkit2gtk vulnerabilities
2022-04-28 12:40:40
mageia
mageia
Updated webkit2 packages fix security vulnerability
2022-04-13 19:06:19
nessus
nessus
Apple iTunes < 12.12.3 Multiple Vulnerabilities (credentialed check)
2022-03-15 00:00:00
Ubuntu 20.04 LTS : WebKitGTK vulnerabilities (USN-5394-1)
2022-04-28 00:00:00
Apple iTunes < 12.12.3 Multiple Vulnerabilities (uncredentialed check)
2022-03-15 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0139)
2022-04-14 00:00:00
Debian: Security Advisory (DSA-5115-1)
2022-04-20 00:00:00
Debian: Security Advisory (DSA-5116-1)
2022-04-20 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2022-04-28 00:00:00
apple
apple
About the security content of iTunes 12.12.3 for Windows
2022-03-08 00:00:00
About the security content of Safari 15.4
2022-03-15 00:00:00
About the security content of tvOS 15.4
2022-03-14 00:00:00
kaspersky
kaspersky
KLA12486 Multiple vulnerabilities in Apple iTunes
2022-03-08 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2022-04-27 00:00:00
rocky
rocky
webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
webkit2gtk3 security and bug fix update
2022-11-15 06:14:22
almalinux
almalinux
Moderate: webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
Moderate: webkit2gtk3 security and bug fix update
2022-11-08 00:00:00
oraclelinux
oraclelinux
webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
webkit2gtk3 security and bug fix update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update
2022-11-15 06:14:22
(RHSA-2023:0918) Moderate: Service Binding Operator security update
2023-02-27 00:54:13
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2022-08-31 00:00:00