VDB

CVE-2018-12293

CVE-2018-12293 PUBLISHED

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

EPSS 39.00% · 97.4th percentile

Risk Scores

EPSS Score
39.00%
97.4th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSqtwebkit-source0, 2.3.2-0ubuntu10, 2.3.2-0ubuntu11
Ubuntu:20.04:LTSqtwebkit-opensource-src5.212.0~alpha3-6, 5.212.0~alpha3-7, 5.212.0~alpha4-1ubuntu1
Ubuntu:18.04:LTSwebkitgtk2.4.11-3ubuntu3, 0, 2.4.11-3
Ubuntu:16.04:LTSwebkitgtk0, 2.4.9-2ubuntu2, 2.4.11-0ubuntu0.1
Ubuntu:16.04:LTSwebkit2gtk2.16.2-0ubuntu0.16.04.1, 2.16.1-0ubuntu0.16.04.2, 2.16.1-0ubuntu0.16.04.1
Ubuntu:22.04:LTSqtwebkit-opensource-src5.212.0~alpha4-14ubuntu2, 0, 5.212.0~alpha4-12
Ubuntu:18.04:LTSqtwebkit-opensource-src5.9.1+dfsg-5ubuntu1, 0, *
Ubuntu:18.04:LTSwebkit2gtk2.20.0-1, 2.19.92-1, 2.19.91-1ubuntu1
Ubuntu:18.04:LTSqtwebkit-source2.3.2-0ubuntu13, 0
Ubuntu:16.04:LTSqtwebkit-opensource-src0, 5.5.1+dfsg-2ubuntu1, 5.4.2+dfsg-1ubuntu2.1
Ubuntu:24.04:LTSqtwebkit-opensource-src0, 5.212.0~alpha4-34ubuntu3, 5.212.0~alpha4-33

Exploit Intelligence

Timeline

  • Jun 14, 2018 CVE Published
  • Aug 16, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 8, 2023 EPSS Score
  • May 13, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›