{"id":"MGASA-2025-0291","summary":"Updated webkit2 packages fix security vulnerabilities","details":"CVE-2024-27838 A maliciously crafted webpage may be able to fingerprint\nthe user. Description: The issue was addressed by adding additional\nlogic.\nCVE-2024-27851 Processing maliciously crafted web content may lead to\narbitrary code execution. Description: The issue was addressed with\nimproved bounds checks.\nCVE-2024-40776 Processing maliciously crafted web content may lead to an\nunexpected process crash. Description: A use-after-free issue was\naddressed with improved memory management.\nCVE-2024-40779 / CVE-2024-40780 Processing maliciously crafted web\ncontent may lead to an unexpected process crash. Description: An\nout-of-bounds read was addressed with improved bounds checking.\nCVE-2024-40782 Processing maliciously crafted web content may lead to an\nunexpected process crash. Description: A use-after-free issue was\naddressed with improved memory management.\nCVE-2024-40789 Processing maliciously crafted web content may lead to an\nunexpected process crash. Description: An out-of-bounds access issue was\naddressed with improved bounds checking.\nCVE-2024-4558 Processing maliciously crafted web content may lead to an\nunexpected process crash. Description: Use after free in ANGLE allowed a\nremote attacker to potentially exploit heap corruption via a crafted\nHTML page.\n","modified":"2026-04-16T00:10:26.535116868Z","published":"2025-11-14T16:41:49Z","upstream":["CVE-2024-27838","CVE-2024-27851","CVE-2024-40776","CVE-2024-40779","CVE-2024-40780","CVE-2024-40782","CVE-2024-40789","CVE-2024-4558"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0291.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33513"},{"type":"WEB","url":"https://webkitgtk.org/release/webkitgtk-2.44.4.html"},{"type":"WEB","url":"https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html"},{"type":"WEB","url":"https://webkitgtk.org/security/WSA-2024-0004.html"}],"affected":[{"package":{"name":"webkit2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/webkit2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.44.4-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0291.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}