Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 839786 (CVE-2022-29536) - <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-2022-29536)
Summary: <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-...
Alias: CVE-2022-29536
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+]
Depends on:
Reported: 2022-04-21 07:18 UTC by filip ambroz
Modified: 2024-05-08 09:49 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2022-04-21 07:18:10 UTC
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Comment 1 Matt Turner gentoo-dev 2022-06-17 18:24:18 UTC
All stable and cleaned.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-18 13:38:28 UTC
Comment 3 Larry the Git Cow gentoo-dev 2024-05-08 09:47:54 UTC
The bug has been referenced in the following commit(s):

commit 7a69d7abb7e2d4eb863dde1c092868d0df7cccbd
Author:     GLSAMaker <>
AuthorDate: 2024-05-08 09:47:31 +0000
Commit:     Hans de Graaff <>
CommitDate: 2024-05-08 09:47:50 +0000

    [ GLSA 202405-27 ] Epiphany: Buffer Overflow
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202405-27.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)