CVE-2021-21779: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in WebKit's GraphicsContext handling of certain events in WebKitGTK 2.30.4. The vulnerability was identified and reported by Marcin Towalski of Cisco Talos, and was assigned CVE-2021-21779. The issue was disclosed in July 2021 and affected WebKitGTK and WPE WebKit versions before 2.32.3 (Talos Report, OSS Security).

The vulnerability exists in how WebKit's GraphicsContext handles function fillText. The issue occurs when processing height attribute changes in HTMLCanvasElement objects. When a canvas element's height is modified through an eventchangeheight, the previous allocation is freed but subsequent calls to fillGradient() attempt to access the freed memory ranges. This creates a use-after-free condition that could be exploited with proper memory layout control and heap grooming. The vulnerability has been assigned a CVSS v3 score of 6.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L) (Talos Report).

If successfully exploited, this vulnerability could lead to potential information leaks and further memory corruption. The impact requires user interaction as a victim must be tricked into visiting a malicious webpage to trigger the vulnerability (OSS Security, Debian Security).

The vulnerability was patched in WebKitGTK and WPE WebKit version 2.32.3. Users and administrators are strongly recommended to upgrade to this version or later. The fix was also backported to various Linux distributions including Debian (version 2.32.3-1~deb10u1) and Fedora (version 2.32.3-1.fc33/34) (Debian Security, Fedora Update).