Summaryinfo

A vulnerability described as problematic has been identified in WebkitGTK+ up to 2.0.2. This affects the function RenderBlock::addChildIgnoringAnonymousColumnBlocks of the file rendering/RenderBlock.cpp. The manipulation results in denial of service. Furthermore, there is an exploit available. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability classified as problematic has been found in WebkitGTK+ up to 2.0.2 (Web Browser). Affected is the function RenderBlock::addChildIgnoringAnonymousColumnBlocks of the file rendering/RenderBlock.cpp. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability.

The weakness was shared 05/23/2013 as 150611 as not defined bulletin (Website). The advisory is available at trac.webkit.org. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.

It is declared as proof-of-concept.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at trac.webkit.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (93649†). The entry VDB-8870 is related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Web Browser

Name

• WebkitGTK+

Version

• 2.0.0
• 2.0.1
• 2.0.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion