Launchpad.net

CVE 2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Related bugs and status

CVE-2022-29536 (Candidate) is related to these bugs:

Bug #1955362: epiphany December 2021 XSS issues

		In	Importance	Status
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu)	Undecided	Fix Released
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu Focal)	Undecided	Fix Released
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu Impish)	Undecided	Won't Fix

Bug #1969851: CVE-2022-29536 epiphany

		In	Importance	Status
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu)	Undecided	Fix Released
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu Focal)	Undecided	Fix Released
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu Jammy)	Undecided	Fix Released

Bug #1984266: Update epiphany-browser to 42.4

Summary				In	Importance	Status
	1984266	Update epiphany-browser to 42.4		epiphany-browser (Ubuntu)	High	Fix Released
	1984266	Update epiphany-browser to 42.4		epiphany-browser (Ubuntu Jammy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-29536

Related bugs and status

Related bugs

References