A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel E4s
  • Rhel Eus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.46.1-2.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:8180 2024-10-16T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.46.1-1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2024:8496 2024-10-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.46.1-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:8492 2024-10-28T00:00:00Z
References
Link Providers
http://seclists.org/fulldisclosure/2024/Jul/15 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/16 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/17 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/18 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/21 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/22 cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Jul/23 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-40782 cve-icon
https://support.apple.com/en-us/HT214116 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214117 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214119 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214121 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214122 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214123 cve-icon cve-icon cve-icon
https://support.apple.com/en-us/HT214124 cve-icon cve-icon cve-icon
https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-40782 cve-icon
History

Tue, 29 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel E4s
Redhat rhel Eus

Thu, 17 Oct 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Mon, 26 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
Title webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
References
Metrics threat_severity

Important

 threat_severity

Moderate
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:17:16.599Z

Updated: 2024-08-02T04:39:54.715Z

Reserved: 2024-07-10T17:11:04.688Z

Link: CVE-2024-40782

cve-icon Vulnrichment

Updated: 2024-08-02T04:39:54.715Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-29T23:15:11.790

Modified: 2024-08-01T13:58:03.853

Link: CVE-2024-40782

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-40782 - Bugzilla