This security advisory from Red Hat addresses four vulnerabilities in webkit2gtk3, the GTK port of the WebKit rendering engine. The vulnerabilities include multiple instances where processing maliciously crafted web content can lead to unexpected process crashes (CVE-2024-54479, CVE-2024-54502, CVE-2024-54508) and memory corruption (CVE-2024-54505). These issues affect Red Hat Enterprise Linux 8 and related distributions. The advisory provides updated packages to remediate these vulnerabilities. The CVEs correspond to weaknesses such as improper handling of web content leading to crashes and memory corruption, categorized under CWEs including CWE-404 (improper resource shutdown), CWE-125 (out-of-bounds read), CWE-843 (type confusion), and CWE-20 (input validation). The vendor rates the update as important and recommends applying the provided patches. No CVSS scores are included in the advisory, and no exploits are known to be active in the wild.

The vulnerabilities can cause unexpected process crashes and memory corruption when maliciously crafted web content is processed by WebKitGTK. This can lead to denial of service or potentially other impacts related to memory corruption. The Red Hat advisory classifies the security impact as important. There are no reports of known exploits in the wild at this time.

Red Hat has released updated webkit2gtk3 packages for Red Hat Enterprise Linux 8 to address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2025:0145 (https://access.redhat.com/errata/RHSA-2025:0145) and the related article https://access.redhat.com/articles/11258. Applying these official patches is the recommended remediation. Patch status is confirmed as available from the vendor advisory.