What is CVE-2018-11646?

CVE-2018-11646 is a vulnerability in N/a. Published 2018-06-01.

Is CVE-2018-11646 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application cra…

EPSS: 0.753 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

44876 (exploit, x_refsource_EXPLOIT-DB)
GLSA-201808-04 (vendor-advisory, x_refsource_GENTOO)
bugzilla.gnome.org/show_bug.cgi (x_refsource_MISC)
44842 (exploit, x_refsource_EXPLOIT-DB)
bugs.webkit.org/show_bug.cgi (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-11646?: CVE-2018-11646 is a vulnerability in N/a. Published 2018-06-01.
Is CVE-2018-11646 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.