View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-12293 severity moderate: SUSE including 9 source package names (libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, …), 10 product×package rows across 2 product lines (SUSE Linux Enterprise Module for Basesystem 15 SP2, SUSE Linux Enterprise Module for Desktop Applications 15 SP2): Known Not Affected 10.
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.