Home CVE Database CVE-2017-1000121

CVE-2017-1000121

Description

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

Priority: HIGH
CVSS v3: 9.8
Publish Date: Nov 1, 2017
Related ID: --
CVSS v2: Critical
Modified Date: Nov 1, 2017

Find out more about CVE-2017-1000121 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 8 Fixed LIN8-8219
8.0.0.24 --
Wind River Linux 9 Fixed LIN9-5816
9.0.0.13 --
Wind River Linux 7 Fixed -- 7.0.0.27 --
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Comments

webkit

Live chat
Online