Search for vulnerabilities
Vulnerability details: VCID-vaqs-u4js-aaap
Vulnerability ID VCID-vaqs-u4js-aaap
Aliases CVE-2023-39928
Summary A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01381 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
epss 0.01934 https://api.first.org/data/v1/epss?cve=CVE-2023-39928
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39928
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39928
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831
https://webkitgtk.org/security/WSA-2023-0009.html
https://www.debian.org/security/2023/dsa-5527
2241400 https://bugzilla.redhat.com/show_bug.cgi?id=2241400
cpe:2.3:a:webkitgtk:webkitgtk:2.40.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:2.40.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-39928 https://nvd.nist.gov/vuln/detail/CVE-2023-39928
GLSA-202401-33 https://security.gentoo.org/glsa/202401-33
RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982
USN-6426-1 https://usn.ubuntu.com/6426-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39928.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39928
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39928
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.46306
EPSS Score 0.00116
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.