CVE-2020-13584

HIGH

WebKitGTK 2.30.1 - Use-After-Free via Crafted HTML Web Page

Title source: llm

Description

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202012-10
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195

Scores

CVSS v3 8.8
EPSS 0.0445
EPSS Percentile 90.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-416
Status published
Products (2)
fedoraproject/fedora 32
webkitgtk/webkitgtk 2.30.1
Published Dec 03, 2020
Tracked Since Feb 18, 2026