CVE-2019-8720

HIGH KEV

Webkitgtk < 2.26.0 - Memory Corruption

Title source: rule

Description

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1876611

[Vendor Advisory] https://webkitgtk.org/security/WSA-2019-0005.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720

Scores

CVSS v3 8.8

EPSS 0.0410

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-23

VulnCheck KEV 2022-05-23

InTheWild.io 2022-05-23

ENISA EUVD EUVD-2019-18110

CWE

CWE-119

Status published

Products (39)

redhat/codeready_linux_builder 8.0

redhat/codeready_linux_builder_eus 8.4

redhat/codeready_linux_builder_eus 8.6

redhat/codeready_linux_builder_for_arm64_eus 8.0

redhat/codeready_linux_builder_for_arm64_eus 8.4

redhat/codeready_linux_builder_for_arm64_eus 8.6

redhat/codeready_linux_builder_for_ibm_z_systems_eus 8.0

redhat/codeready_linux_builder_for_ibm_z_systems_eus 8.4

redhat/codeready_linux_builder_for_ibm_z_systems_eus 8.6

redhat/codeready_linux_builder_for_power_little_endian_eus 8.0

... and 29 more

Published Mar 06, 2023

KEV Added May 23, 2022

Tracked Since Feb 18, 2026