CVE-2021-21806
HIGHWebKitGTK 2.30.3 - Use-After-Free via Crafted HTML Web Page
Title source: llmDescription
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/07/23/1
Scores
CVSS v3
8.8
EPSS
0.0282
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
webkitgtk/webkitgtk
2.30.3
Published
Jul 08, 2021
Tracked Since
Feb 18, 2026