This security advisory from Red Hat addresses four vulnerabilities in webkit2gtk3 affecting Red Hat Enterprise Linux 8.4 variants. The vulnerabilities involve processing maliciously crafted web content that can lead to unexpected process crashes (CVE-2024-54479, CVE-2024-54502, CVE-2024-54508) and memory corruption (CVE-2024-54505). These issues are related to improper handling of web content in the WebKitGTK engine. Red Hat has released updated packages to fix these vulnerabilities as detailed in advisory RHSA-2025:0278. The advisory does not provide CVSS scores but classifies the impact as important. No exploits in the wild have been reported. The update is available for multiple Red Hat Enterprise Linux 8.4 variants including Advanced Mission Critical Update Support, Telecommunications Update Service, and Update Services for SAP Solutions.

Successful exploitation of these vulnerabilities may cause the affected processes using WebKitGTK to crash unexpectedly or suffer memory corruption. This can lead to denial of service or potentially other undefined behavior depending on the memory corruption impact. The advisory does not report any known active exploitation. The vulnerabilities affect Red Hat Enterprise Linux 8.4 platforms using webkit2gtk3. The severity is rated as important by Red Hat, indicating a significant security impact but no direct evidence of exploitation or higher severity impacts such as remote code execution.

Red Hat has released updated webkit2gtk3 packages that address these vulnerabilities. Users of affected Red Hat Enterprise Linux 8.4 variants should apply the security update described in advisory RHSA-2025:0278 as soon as possible. The advisory provides detailed instructions and package information for remediation. There are no indications that additional mitigation steps beyond applying the official update are required. Patch status is confirmed by the vendor advisory.