The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5154 advisory.

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to code execution. (CVE-2022-26700)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26709)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5154-1 : webkit2gtk - security update

high Nessus Plugin ID 161747

Version 1.5

Version 1.4

Version 1.3

Version 1.5 May 7, 2025, 8:43 AM CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2022-26719") Plugin Feed: 202505070843
Version 1.4 Oct 26, 2023, 4:21 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310261621
Version 1.3 Mar 21, 2023, 7:30 PM Plugin metadata Plugin Feed: 202303211930