Not to be fixed
Created: Mar 27, 2019
Updated: Mar 6, 2023
Resolved Date: Mar 6, 2023
Found In Version: unknown
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-8375 User=admin}
