CVE-2017-1000122

Published: Nov 1, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

Affected (1)

Products: Webkitgtk: Webkitgtk+

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webkitgtk Webkitgtk+	Before 2.16.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

http://trac.webkit.org/changeset/217206

Source: cve@mitre.org

Third Party Advisory

https://webkitgtk.org/security/WSA-2017-0007.html

Source: nvd@nist.gov

Vendor Advisory

http://trac.webkit.org/changeset/217206

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.