CVE DATABASE / CVE-2019-8720

CVE-2019-8720

WebKitGTK Memory Corruption Vulnerability

CVSS 8.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-05-23. Federal remediation due 2022-06-13.
Required action: Apply updates per vendor instructions.

Summary

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVSS 3.1 breakdown

Base score	8.8 (HIGH)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-119

Affected products

Webkitgtk webkitgtkWpewebkit wpe webkitRedhat codeready linux builderRedhat codeready linux builder eusRedhat codeready linux builder for arm64 eusRedhat codeready linux builder for ibm z systems eusRedhat codeready linux builder for power little endian eusRedhat enterprise linuxRedhat enterprise linux desktopRedhat enterprise linux eusRedhat enterprise linux for arm64 eusRedhat enterprise linux for ibm z systemsRedhat enterprise linux for ibm z systems eusRedhat enterprise linux for power big endianRedhat enterprise linux for power little endianRedhat enterprise linux for power little endian eusRedhat enterprise linux for scientific computingRedhat enterprise linux serverRedhat enterprise linux server ausRedhat enterprise linux server for power little endian update services for sap solutions

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-11-18. Always verify against the vendor advisory before acting.