OpenCVE

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.46.3-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:9636	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
webkit2gtk3-0:2.46.3-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:9680	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
webkit2gtk3-0:2.46.3-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:9646	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.46.1-2.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:8180	2024-10-16T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.46.1-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:8496	2024-10-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.46.1-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:8492	2024-10-28T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/15
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/22
http://seclists.org/fulldisclosure/2024/Jul/23
https://nvd.nist.gov/vuln/detail/CVE-2024-40782
https://support.apple.com/en-us/HT214116
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214121
https://support.apple.com/en-us/HT214122
https://support.apple.com/en-us/HT214123
https://support.apple.com/en-us/HT214124
https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782
https://www.cve.org/CVERecord?id=CVE-2024-40782

History

Sat, 16 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Aus Redhat rhel Tus

Tue, 29 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2
Vendors & Products		Redhat rhel E4s Redhat rhel Eus

Thu, 17 Oct 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Mon, 26 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
Title	webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution	webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
References		https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782
Metrics	threat_severity `Important`	threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:17:16.599Z

Updated: 2024-08-02T04:39:54.715Z

Reserved: 2024-07-10T17:11:04.688Z

Link: CVE-2024-40782

Vulnrichment

Updated: 2024-08-02T04:39:54.715Z

NVD

Status : Awaiting Analysis

Published: 2024-07-29T23:15:11.790

Modified: 2024-11-21T09:31:36.917

Link: CVE-2024-40782

Redhat

Severity : Moderate

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-40782 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object