CVE-2018-12293

HIGH

WebKit <2.20.3-2.20.1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12293. PoCs published by PeregrineX.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in WebKitGTK+ and WPE WebKit due to an integer overflow in the `getImageData()` function. The PoC triggers the vulnerability by creating a large canvas and calling `getImageData()` with dimensions that cause an overflow.

Description

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

Exploits (1)

exploitdb WORKING POC
by PeregrineX · textlocallinux
https://www.exploit-db.com/exploits/45205

This exploit demonstrates a heap-based buffer overflow in WebKitGTK+ and WPE WebKit due to an integer overflow in the `getImageData()` function. The PoC triggers the vulnerability by creating a large canvas and calling `getImageData()` with dimensions that cause an overflow.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: WebKitGTK+ <2.20.3, WPE WebKit <2.20.1
No auth needed
Prerequisites: A vulnerable version of WebKitGTK+ or WPE WebKit · A browser or application using the vulnerable WebKit version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://bugs.webkit.org/show_bug.cgi?id=186384
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201808-04
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/542087/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45205/
Patch, Third Party Advisory, Vendor Advisory x_refsource_misc
https://trac.webkit.org/changeset/232618
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3687-1/
Mailing List, Technical Description mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/06/14/1

Scores

CVSS v3 8.8
EPSS 0.1052
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-190 CWE-787
Status published
Products (5)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
canonical/ubuntu_linux 18.04
webkitgtk/webkitgtk\+ < 2.20.3
wpewebkit/wpe_webkit < 2.20.1
Published Jun 19, 2018
Tracked Since Feb 18, 2026