CVE-2021-45481

In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.

Weakness

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Affected Software

Name	Vendor	Start Version	End Version
Webkitgtk	Webkitgtk	*	2.32.4 (excluding)
Red Hat Enterprise Linux 8	RedHat	webkit2gtk3-0:2.34.6-1.el8	*
Qtwebkit-opensource-src	Ubuntu	bionic	*
Qtwebkit-opensource-src	Ubuntu	devel	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/bionic	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/focal	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/jammy	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/noble	*
Qtwebkit-opensource-src	Ubuntu	esm-infra/xenial	*
Qtwebkit-opensource-src	Ubuntu	focal	*
Qtwebkit-opensource-src	Ubuntu	impish	*
Qtwebkit-opensource-src	Ubuntu	jammy	*
Qtwebkit-opensource-src	Ubuntu	kinetic	*
Qtwebkit-opensource-src	Ubuntu	lunar	*
Qtwebkit-opensource-src	Ubuntu	mantic	*
Qtwebkit-opensource-src	Ubuntu	noble	*
Qtwebkit-opensource-src	Ubuntu	trusty	*
Qtwebkit-opensource-src	Ubuntu	upstream	*
Qtwebkit-opensource-src	Ubuntu	xenial	*
Qtwebkit-source	Ubuntu	bionic	*
Qtwebkit-source	Ubuntu	esm-apps/bionic	*
Qtwebkit-source	Ubuntu	esm-apps/xenial	*
Qtwebkit-source	Ubuntu	trusty	*
Qtwebkit-source	Ubuntu	xenial	*
Webkit2gtk	Ubuntu	bionic	*
Webkit2gtk	Ubuntu	devel	*
Webkit2gtk	Ubuntu	esm-infra/bionic	*
Webkit2gtk	Ubuntu	esm-infra/xenial	*
Webkit2gtk	Ubuntu	focal	*
Webkit2gtk	Ubuntu	impish	*
Webkit2gtk	Ubuntu	jammy	*
Webkit2gtk	Ubuntu	kinetic	*
Webkit2gtk	Ubuntu	lunar	*
Webkit2gtk	Ubuntu	mantic	*
Webkit2gtk	Ubuntu	noble	*
Webkit2gtk	Ubuntu	upstream	*
Webkit2gtk	Ubuntu	xenial	*
Webkitgtk	Ubuntu	bionic	*
Webkitgtk	Ubuntu	esm-apps/bionic	*
Webkitgtk	Ubuntu	esm-apps/xenial	*
Webkitgtk	Ubuntu	trusty	*
Webkitgtk	Ubuntu	xenial	*
Wpewebkit	Ubuntu	esm-apps/focal	*
Wpewebkit	Ubuntu	esm-apps/jammy	*
Wpewebkit	Ubuntu	focal	*
Wpewebkit	Ubuntu	impish	*
Wpewebkit	Ubuntu	jammy	*
Wpewebkit	Ubuntu	trusty	*

Potential Mitigations

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-45481
CWE	https://cwe.mitre.org/data/definitions/401.html

Missing Release of Memory after Effective Lifetime

Weakness

Affected Software

Potential Mitigations

References