suse · CVE-2018-12293

Quick triage

Priority: medium Published: 2021-05-30 14:14:07 UTC Updated: 2026-04-17 15:24:00 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-12293 severity moderate: SUSE including 9 source package names (libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, …), 10 product×package rows across 2 product lines (SUSE Linux Enterprise Module for Basesystem 15 SP2, SUSE Linux Enterprise Module for Desktop Applications 15 SP2): Known Not Affected 10.

Description:

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

cvelogic Threat Intelligence