{"id":"CVE-2017-1000121","details":"The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.","modified":"2026-03-14T09:23:37.570810Z","published":"2017-11-01T21:29:00.280Z","related":["openSUSE-SU-2024:11506-1"],"references":[{"type":"ADVISORY","url":"https://webkitgtk.org/security/WSA-2017-0007.html"},{"type":"FIX","url":"http://trac.webkit.org/changeset/217126/webkit"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.16.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000121.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}