CVE-2024-44185
Publication date 24 October 2024
Last updated 13 November 2024
Ubuntu priority
Cvss 3 Severity Score
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Status
Package | Ubuntu Release | Status |
---|---|---|
qtwebkit-opensource-src | 24.10 oracular | Ignored |
24.04 LTS noble | Ignored | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
qtwebkit-source | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
webkit2gtk | 24.10 oracular |
Fixed 2.46.1-0ubuntu1
|
24.04 LTS noble |
Fixed 2.46.1-0ubuntu0.24.04.1
|
|
22.04 LTS jammy |
Fixed 2.46.1-0ubuntu0.22.04.3
|
|
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
webkitgtk | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
wpewebkit | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Ignored |
Notes
jdstrand
webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
mdeslaur
It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as ignored. wpewebkit isn't used by anything of importance in the archive, except for cog, an example container for wpewebkit. There is no point in attempting to backport newer wpewebkit versions to the archive. As such, marking as ignored. It is not feasible to fix webkitgtk, qtwebkit-source, and qtwebkit-opensource-src. Marking them as ignored.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |