CLSA-2025-1767001828
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2025-1767001828.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1767001828
- Upstream
- Published
- 2026-01-05T15:08:11Z
- Modified
- 2026-06-01T00:32:39.205175892Z
- Summary
- webkit2gtk3: Fix of 15 CVEs
- Details
-
- Update to 2.50.3
- Fix multiple security issues that could lead to crashes, memory corruption,
or information disclosure when processing malicious web content:
- CVE-2025-66287
- CVE-2025-43458
- CVE-2025-43421
- CVE-2025-13947
- Includes fixes previously released in version 2.50.2:
- CVE-2025-13502: fix out-of-bounds read and integer underflow
- CVE-2025-43443: fix unexpected process crash from malicious web content
- CVE-2025-43440: fix DFG constant folding to skip unreachable blocks
- CVE-2025-43434: fix use-after-free in WebAssembly globals and tables
- CVE-2025-43432: fix use-after-free in WasmFunctionParser
- CVE-2025-43431: fix dangling pointer in WebAssembly struct field types
- CVE-2025-43430: fix BBQ JIT writing to incorrect stack slots
- CVE-2025-43429: fix insufficient bounds checking in Unicode string handling
- CVE-2025-43427: fix wrong jump table state handling that could lead to crashes
- CVE-2025-43425: fix DFG node cloning flaw leading to crashes
- CVE-2025-43392: fix cross-origin image data leak
- References
Affected packages
TuxCare:AlmaLinux:9.6 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/tuxcare/webkit2gtk3?distro=almalinux-9.6
TuxCare:AlmaLinux:9.6 / webkit2gtk3-devel
Package
- Name
- webkit2gtk3-devel
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-devel?distro=almalinux-9.6
TuxCare:AlmaLinux:9.6 / webkit2gtk3-jsc
Package
- Name
- webkit2gtk3-jsc
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-jsc?distro=almalinux-9.6