Alpine: webkit2gtk: security update to 2.32.3-r0

high Tenable Cloud Security Plugin ID 426128

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing
maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)

- A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of
Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further
memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a
malicious webpage. (CVE-2021-21775)

- A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in
WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory
corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
(CVE-2021-21779)

- An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and
iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted
web content may lead to arbitrary code execution. (CVE-2021-30663)

- A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS
7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously
crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may
have been actively exploited.. (CVE-2021-30665)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-21775

https://security.alpinelinux.org/vuln/CVE-2021-21779

https://security.alpinelinux.org/vuln/CVE-2021-30663

https://security.alpinelinux.org/vuln/CVE-2021-30665

https://security.alpinelinux.org/vuln/CVE-2021-30689

https://security.alpinelinux.org/vuln/CVE-2021-30720

https://security.alpinelinux.org/vuln/CVE-2021-30734

https://security.alpinelinux.org/vuln/CVE-2021-30744

https://security.alpinelinux.org/vuln/CVE-2021-30749

https://security.alpinelinux.org/vuln/CVE-2021-30795

https://security.alpinelinux.org/vuln/CVE-2021-30797

https://security.alpinelinux.org/vuln/CVE-2021-30799

Plugin Details

Severity: High

ID: 426128

Version: Revision 1.2

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-30799

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/6/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799