This security advisory from Red Hat addresses four vulnerabilities in the webkit2gtk3 package, which is the GTK platform port of the WebKit rendering engine. The vulnerabilities include multiple instances where processing maliciously crafted web content can lead to unexpected process crashes (CVE-2024-54479, CVE-2024-54502, CVE-2024-54508) and one instance of memory corruption (CVE-2024-54505). These issues affect Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures including x86_64, ppc64le, aarch64, and s390x. Red Hat has released updated packages (webkit2gtk3-2.46.5-1.el9_0) to remediate these vulnerabilities. The advisory does not provide CVSS scores but classifies the impact as important. There are no reports of active exploitation in the wild.

Successful exploitation of these vulnerabilities may cause the affected WebKitGTK processes to crash unexpectedly or suffer memory corruption, potentially leading to denial of service or other undefined behavior in applications relying on this rendering engine. The advisory does not indicate any known active exploitation. The impact is rated as important by Red Hat, reflecting a high severity level but not critical. The vulnerabilities affect multiple CPU architectures supported by Red Hat Enterprise Linux 9.0.

Red Hat has released updated webkit2gtk3 packages that address these vulnerabilities. Users of affected Red Hat Enterprise Linux 9.0 systems should apply the security update as soon as possible by following the instructions in the Red Hat advisory RHSA-2025:0283 (https://access.redhat.com/errata/RHSA-2025:0283). No alternative mitigations or workarounds are specified. Patch status is confirmed as fixed by the vendor advisory.