{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-09T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: Processing web content may lead to a denial-of-service",
    "id" : "2344946",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2344946"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.", "A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling." ],
  "statement" : "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9636",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-07-18T00:00:00Z",
    "advisory" : "RHSA-2023:4201",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.38.5-1.el9_2.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-54658\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-54658\nhttps://webkitgtk.org/security/WSA-2025-0001.html" ],
  "name" : "CVE-2024-54658",
  "mitigation" : {
    "value" : "Do not process or load untrusted web content with WebKitGTK.",
    "lang" : "en:us"
  },
  "csaw" : false
}