Your submission was sent successfully! Close

CVE-2022-29536

Published: 20 April 2022

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
epiphany-browser
Launchpad, Ubuntu, Debian
bionic Needed

focal
Released (3.36.4-0ubuntu2)
impish Ignored
(reached end-of-life)
jammy
Released (42.1-1ubuntu1)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)