Search for vulnerabilities
Vulnerability details: VCID-kch5-8swx-qub6
Vulnerability ID VCID-kch5-8swx-qub6
Aliases CVE-2023-39928
Summary A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39928
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831
https://webkitgtk.org/security/WSA-2023-0009.html
https://www.debian.org/security/2023/dsa-5527
2241400 https://bugzilla.redhat.com/show_bug.cgi?id=2241400
cpe:2.3:a:webkitgtk:webkitgtk:2.40.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:2.40.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-39928 https://nvd.nist.gov/vuln/detail/CVE-2023-39928
RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-6426-1 https://usn.ubuntu.com/6426-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39928
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.38217
EPSS Score 0.00165
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:43.412954+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6426-1/ 37.0.0