The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 17.2 (excluding) |
| Ipados | Apple | * | 16.7.3 (excluding) |
| Ipados | Apple | 17.0 (including) | 17.2 (excluding) |
| Iphone_os | Apple | * | 16.7.3 (excluding) |
| Iphone_os | Apple | 17.0 (including) | 17.2 (excluding) |
| Macos | Apple | 14.0 (including) | 14.2 (excluding) |
| Tvos | Apple | * | 17.2 (excluding) |
| Watchos | Apple | * | 10.2 (excluding) |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | webkitgtk4-0:2.48.3-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | webkit2gtk3-0:2.42.5-1.el8 | * |
| Red Hat Enterprise Linux 9 | RedHat | webkit2gtk3-0:2.42.5-1.el9 | * |
| Qtwebkit-opensource-src | Ubuntu | bionic | * |
| Qtwebkit-opensource-src | Ubuntu | devel | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | focal | * |
| Qtwebkit-opensource-src | Ubuntu | jammy | * |
| Qtwebkit-opensource-src | Ubuntu | lunar | * |
| Qtwebkit-opensource-src | Ubuntu | mantic | * |
| Qtwebkit-opensource-src | Ubuntu | noble | * |
| Qtwebkit-opensource-src | Ubuntu | trusty | * |
| Qtwebkit-opensource-src | Ubuntu | upstream | * |
| Qtwebkit-opensource-src | Ubuntu | xenial | * |
| Qtwebkit-source | Ubuntu | bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Qtwebkit-source | Ubuntu | trusty | * |
| Qtwebkit-source | Ubuntu | xenial | * |
| Webkit2gtk | Ubuntu | bionic | * |
| Webkit2gtk | Ubuntu | esm-infra/bionic | * |
| Webkit2gtk | Ubuntu | esm-infra/focal | * |
| Webkit2gtk | Ubuntu | esm-infra/xenial | * |
| Webkit2gtk | Ubuntu | focal | * |
| Webkit2gtk | Ubuntu | jammy | * |
| Webkit2gtk | Ubuntu | lunar | * |
| Webkit2gtk | Ubuntu | mantic | * |
| Webkit2gtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | bionic | * |
| Webkitgtk | Ubuntu | esm-apps/bionic | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Webkitgtk | Ubuntu | trusty | * |
| Webkitgtk | Ubuntu | xenial | * |
| Wpewebkit | Ubuntu | bionic | * |
| Wpewebkit | Ubuntu | esm-apps/focal | * |
| Wpewebkit | Ubuntu | esm-apps/jammy | * |
| Wpewebkit | Ubuntu | focal | * |
| Wpewebkit | Ubuntu | jammy | * |
| Wpewebkit | Ubuntu | trusty | * |
| Wpewebkit | Ubuntu | upstream | * |
| Wpewebkit | Ubuntu | xenial | * |
References
- http://seclists.org/fulldisclosure/2023/Dec/12
- http://seclists.org/fulldisclosure/2023/Dec/13
- http://seclists.org/fulldisclosure/2023/Dec/6
- http://seclists.org/fulldisclosure/2023/Dec/7
- http://seclists.org/fulldisclosure/2023/Dec/8
- http://seclists.org/fulldisclosure/2023/Dec/9
- http://www.openwall.com/lists/oss-security/2023/12/18/1
- https://support.apple.com/en-us/HT214034
- https://support.apple.com/en-us/HT214035
- https://support.apple.com/en-us/HT214036
- https://support.apple.com/en-us/HT214039
- https://support.apple.com/en-us/HT214040
- https://support.apple.com/en-us/HT214041
- https://support.apple.com/kb/HT214034
- https://support.apple.com/kb/HT214039
- https://www.debian.org/security/2023/dsa-5580
- http://seclists.org/fulldisclosure/2023/Dec/12
- http://seclists.org/fulldisclosure/2023/Dec/13
- http://seclists.org/fulldisclosure/2023/Dec/6
- http://seclists.org/fulldisclosure/2023/Dec/7
- http://seclists.org/fulldisclosure/2023/Dec/8
- http://seclists.org/fulldisclosure/2023/Dec/9
- http://www.openwall.com/lists/oss-security/2023/12/18/1
- https://support.apple.com/en-us/HT214034
- https://support.apple.com/en-us/HT214035
- https://support.apple.com/en-us/HT214036
- https://support.apple.com/en-us/HT214039
- https://support.apple.com/en-us/HT214040
- https://support.apple.com/en-us/HT214041
- https://support.apple.com/kb/HT214034
- https://support.apple.com/kb/HT214039
- https://www.debian.org/security/2023/dsa-5580