Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Epiphany: Buffer Overflow — GLSA 202405-27

A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow.

Affected packages

Package www-client/epiphany on all architectures
Affected versions < 42.4
Unaffected versions >= 42.4

Background

Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.

Description

A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details.

Impact

In GNOME Epiphany an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Workaround

There is no known workaround at this time.

Resolution

All Epiphany users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"

References

Release date
May 08, 2024

Latest revision
May 08, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries