Skip to content

Potential Vulnerability in Cloned Code#13

Open
tabudz wants to merge 16 commits intoultralight-ux:masterfrom
tabudz:cve-2013-6649
Open

Potential Vulnerability in Cloned Code#13
tabudz wants to merge 16 commits intoultralight-ux:masterfrom
tabudz:cve-2013-6649

Conversation

@tabudz
Copy link
Copy Markdown

@tabudz tabudz commented Dec 22, 2025

Summary

Our tool detected a potential vulnerability in Source/WebCore/rendering/svg/RenderSVGImage.cpp which was cloned from chromium/chromium but did not receive the security patch applied. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2013-6649.

Proposed Fix

Apply the same patch as the one in chromium/chromium to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/cve-2013-6649
chromium/chromium@70bcb6b

ozanvos and others added 16 commits March 24, 2021 11:30
@ozanvos
Allow running off the main thread on macOS
8962542 
This still does not allow calling Ultralight from different threads, but with this change it is now possible to use a separate worker thread for interacting with Ultralight.
@19h
Fix WebKitCompilerFlags erroring when CMAKE_CXX_FLAGS is empty
38bd2d8
@p0358
Make context menu work in web inspector
02906e6
@adamjs
Annotate more functions for performance profiling.
71c749b
@adamjs
Update mimalloc to 2.1.1
63f5d5f
@adamjs
Integrate new mimalloc version into build system.
bd6810e
@adamjs
Annotate more functions for performance profiling.
771a554
@adamjs
Remove limit on gradient stops (was capped at 12).
30c54e7
@adamjs
Update CA certificate bundle (latest Mozilla).
cd46edc
@adamjs
Disable video/audio by default.
41135a6
@adamjs
Update deps.
c337f41
@adamjs
Fix issue drawing gradients with CPU renderer.
d838c7a
@adamjs
Merge branch 'patch-2'
e7ddcfc
@adamjs
Merge branch 'cmake-fix'
a5a8437
@adamjs
Merge branch 'p0358/master'
e9fa225
@openhands-agent
Avoid drawing SVG image content when the image is of zero size.
dbe4e2e 
R=pdr
BUG=330420

Review URL: https://codereview.chromium.org/109753004

git-svn-id: svn://svn.chromium.org/blink/trunk@164536 bbb929c8-8fbe-4397-9dbb-9b2b20218538
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@tabudz @ozanvos @19h @p0358 @adamjs @openhands-agent