CLSA-2025-1765986482
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765986482.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1765986482
- Upstream
- Published
- 2025-12-17T15:48:06Z
- Modified
- 2026-06-01T00:31:32.839348970Z
- Summary
- webkit2gtk3: Fix of 4 CVEs
- Details
-
- CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters
- CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks
- CVE-2025-43421: fix memory handling issues that cause unexpected process crashes by disabling array allocation sinking in JS JIT
- CVE-2025-66287: fix process crash from malicious png/apng files with excessive data
- References
Affected packages
TuxCare:AlmaLinux:9.2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/tuxcare/webkit2gtk3?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / webkit2gtk3-devel
Package
- Name
- webkit2gtk3-devel
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-devel?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / webkit2gtk3-jsc
Package
- Name
- webkit2gtk3-jsc
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-jsc?distro=almalinux-9.2