{
  "threat_severity" : "Important",
  "public_date" : "2024-02-05T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: Processing web content may lead to arbitrary code execution",
    "id" : "2270143",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.", "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems." ],
  "statement" : "This vulnerability is rated Important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:2982",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.42.5-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2126",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.42.5-1.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-40414\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40414\nhttps://webkitgtk.org/security/WSA-2024-0001.html" ],
  "name" : "CVE-2023-40414",
  "csaw" : false
}