DEBIAN-CVE-2025-43529

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-43529

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-43529

Upstream

CVE-2025-43529

Downstream

DLA-4414-1

DSA-6083-1

Published

2025-12-17T21:16:11.570Z

Modified

2025-12-21T05:12:13.847463Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

References

https://security-tracker.debian.org/tracker/CVE-2025-43529

Affected packages

Debian:11

webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.4-1~deb11u1

Affected versions

2.*

2.32.3-1

2.32.4-1~deb10u1

2.32.4-1~deb11u1

2.32.4-1

2.33.1-1

2.33.2-1

2.33.3-1

2.33.90-1

2.33.91-1

2.34.0-1~bpo11+1

2.34.0-1

2.34.1-1~deb10u1

2.34.1-1~deb11u1

2.34.1-1

2.34.2-1~bpo11+1

2.34.2-1

2.34.3-1~deb10u1

2.34.3-1~deb11u1

2.34.3-1

2.34.4-1~deb10u1

2.34.4-1~deb11u1

2.34.4-1

2.34.5-1

2.34.6-1~deb10u1

2.34.6-1~deb11u1

2.34.6-1

2.35.1-1

2.35.2-1

2.35.3-1

2.35.90-1

2.36.0-1

2.36.0-2

2.36.0-3~deb10u1

2.36.0-3~deb11u1

2.36.0-3

2.36.1-1

2.36.2-1

2.36.3-1~deb10u1

2.36.3-1~deb11u1

2.36.3-1

2.36.4-1~deb10u1

2.36.4-1~deb11u1

2.36.4-1

2.36.6-1~deb10u1

2.36.6-1~deb11u1

2.36.6-1

2.36.7-1~deb10u1

2.36.7-1~deb11u1

2.36.7-1

2.37.1-1

2.37.1-2

2.37.90-1

2.37.91-1

2.38.0-1~deb10u1

2.38.0-1~deb11u1

2.38.0-1

2.38.0-2

2.38.0-3

2.38.1-1

2.38.2-1~deb10u1

2.38.2-1~deb11u1

2.38.2-1

2.38.3-1~deb10u1

2.38.3-1~deb11u1

2.38.3-1

2.38.4-1

2.38.4-2~deb10u1

2.38.4-2~deb11u1

2.38.4-2

2.38.5-1~deb10u1

2.38.5-1~deb11u1

2.38.5-1

2.38.5-1+m68k

2.39.1-1

2.39.2-1

2.39.3-1

2.39.4-1

2.39.5-1

2.39.7-1

2.39.90-1

2.39.91-1

2.40.0-1

2.40.0-2

2.40.0-3

2.40.1-1~deb11u1

2.40.1-1

2.40.2-1~deb11u1

2.40.2-1~deb12u1

2.40.2-1

2.40.3-1

2.40.3-2~deb11u1

2.40.3-2~deb11u2

2.40.3-2~deb12u1

2.40.3-2~deb12u2

2.40.3-2

2.40.4-1

2.40.5-1~deb11u1

2.40.5-1~deb12u1

2.40.5-1

2.41.4-1

2.41.5-1

2.41.6-1

2.41.90-1

2.41.91-1

2.41.91-2

2.41.92-1

2.42.0-1~bpo12+1

2.42.0-1

2.42.1-1~bpo12+1

2.42.1-1~deb11u1

2.42.1-1~deb11u2

2.42.1-1~deb12u1

2.42.1-1

2.42.1-2

2.42.2-1~deb11u1

2.42.2-1~deb12u1

2.42.2-1

2.42.3-1~deb11u1

2.42.3-1~deb12u1

2.42.3-1

2.42.4-1~deb11u1

2.42.4-1~deb12u1

2.42.4-1

2.42.5-1~deb11u1

2.42.5-1~deb12u1

2.42.5-1

2.42.5-2

2.43.1-1

2.43.2-1

2.43.3-1

2.43.4-1

2.43.4-2

2.44.0-1

2.44.0-2

2.44.1-1~deb11u1

2.44.1-1~deb12u1

2.44.1-1

2.44.2-1~deb11u1

2.44.2-1~deb12u1

2.44.2-1

2.44.3-1~deb11u1

2.44.3-1~deb12u1

2.44.3-1

2.44.4-1

2.45.1-1

2.45.1-2

2.45.2-1

2.45.3-1

2.45.4-1

2.45.5-1

2.45.6-1

2.45.91-1

2.45.92-1

2.46.0-1

2.46.0-2~deb12u1

2.46.0-2

2.46.1-1

2.46.1-2~bpo12+1

2.46.1-2

2.46.2-1

2.46.3-1~deb11u1

2.46.3-1~deb11u2

2.46.3-1~deb12u1

2.46.3-1

2.46.4-1~deb11u1

2.46.4-1~deb12u1

2.46.4-1

2.46.5-1~deb11u1

2.46.5-1~deb12u1

2.46.5-1

2.46.5-1+hurd.1

2.46.5-1+hurd.2

2.46.6-1~deb11u1

2.46.6-1~deb12u1

2.46.6-1

2.47.1-1

2.47.2-1

2.47.3-1

2.47.4-1

2.47.90-1

2.48.0-1~deb12u1

2.48.0-1

2.48.0-1+alpha

2.48.0-1+hurd.1

2.48.0-1+hurd.2

2.48.1-1

2.48.1-2~deb12u1

2.48.1-2

2.48.1-3

2.48.2-1

2.48.3-1~deb11u1

2.48.3-1~deb12u1

2.48.3-1

2.48.5-1~deb11u1

2.48.5-1~deb12u1

2.48.5-1~deb13u1

2.48.5-1

2.48.6-1

2.49.90-1

2.50.0-1

2.50.0-2

2.50.1-1~deb11u1

2.50.1-1~deb12u1

2.50.1-1~deb13u1

2.50.1-1

2.50.2-1~deb11u1

2.50.2-1~deb12u1

2.50.2-1~deb13u1

2.50.2-1

2.50.3-1~deb11u1

2.50.3-1~deb12u1

2.50.3-1~deb13u1

2.50.3-1

2.50.3-1+hurd.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

wpewebkit

Package

Name: wpewebkit
Purl: pkg:deb/debian/wpewebkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.32.3-2

2.32.4-1~deb11u1

2.32.4-1

2.34.1-1~deb11u1

2.34.1-1

2.34.2-1

2.34.3-1~deb11u1

2.34.3-1

2.34.4-1~deb11u1

2.34.4-1

2.34.5-1

2.34.6-1~deb11u1

2.34.6-1

2.36.0-1

2.36.0-2~deb11u1

2.36.0-2

2.36.1-1

2.36.3-1~deb11u1

2.36.3-1

2.36.4-1~deb11u1

2.36.4-1

2.36.6-1~deb11u1

2.36.6-1

2.36.7-1~deb11u1

2.36.7-1

2.38.0-1~deb11u1

2.38.0-1

2.38.1-1

2.38.2-1~deb11u1

2.38.2-1

2.38.3-1~deb11u1

2.38.3-1

2.38.4-1~deb11u1

2.38.4-1

2.38.5-1~deb11u1

2.38.5-1

2.38.6-1~deb11u1

2.38.6-1

2.39.91-1

2.40.0-1

2.40.1-1

2.40.2-1

2.40.2-2

2.40.3-1

2.40.4-1

2.40.5-1

2.42.0-1

2.42.1-1

2.42.2-1

2.42.3-1

2.42.4-1

2.42.5-1

2.42.5-1.1~exp1

2.42.5-1.1

2.42.5-1.2

2.42.5-2~exp

2.44.1-1

2.44.2-1

2.44.2-2

2.44.3-1

2.44.4-1

2.46.1-1

2.46.2-1

2.46.3-1

2.46.4-1

2.46.5-1

2.46.6-1

2.48.0-1

2.48.1-1

2.48.1-2

2.48.2-1

2.48.3-1

2.48.5-1

2.48.6-1

2.48.6-2

2.50.0-1

2.50.0-2

2.50.1-1

2.50.2-1

2.50.3-1

2.50.4-1

Ecosystem specific

{
    "urgency": "end-of-life"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

Debian:12

webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.4-1~deb12u1

Affected versions

2.*

2.40.1-1

2.40.2-1~deb11u1

2.40.2-1~deb12u1

2.40.2-1

2.40.3-1

2.40.3-2~deb11u1

2.40.3-2~deb11u2

2.40.3-2~deb12u1

2.40.3-2~deb12u2

2.40.3-2

2.40.4-1

2.40.5-1~deb11u1

2.40.5-1~deb12u1

2.40.5-1

2.41.4-1

2.41.5-1

2.41.6-1

2.41.90-1

2.41.91-1

2.41.91-2

2.41.92-1

2.42.0-1~bpo12+1

2.42.0-1

2.42.1-1~bpo12+1

2.42.1-1~deb11u1

2.42.1-1~deb11u2

2.42.1-1~deb12u1

2.42.1-1

2.42.1-2

2.42.2-1~deb11u1

2.42.2-1~deb12u1

2.42.2-1

2.42.3-1~deb11u1

2.42.3-1~deb12u1

2.42.3-1

2.42.4-1~deb11u1

2.42.4-1~deb12u1

2.42.4-1

2.42.5-1~deb11u1

2.42.5-1~deb12u1

2.42.5-1

2.42.5-2

2.43.1-1

2.43.2-1

2.43.3-1

2.43.4-1

2.43.4-2

2.44.0-1

2.44.0-2

2.44.1-1~deb11u1

2.44.1-1~deb12u1

2.44.1-1

2.44.2-1~deb11u1

2.44.2-1~deb12u1

2.44.2-1

2.44.3-1~deb11u1

2.44.3-1~deb12u1

2.44.3-1

2.44.4-1

2.45.1-1

2.45.1-2

2.45.2-1

2.45.3-1

2.45.4-1

2.45.5-1

2.45.6-1

2.45.91-1

2.45.92-1

2.46.0-1

2.46.0-2~deb12u1

2.46.0-2

2.46.1-1

2.46.1-2~bpo12+1

2.46.1-2

2.46.2-1

2.46.3-1~deb11u1

2.46.3-1~deb11u2

2.46.3-1~deb12u1

2.46.3-1

2.46.4-1~deb11u1

2.46.4-1~deb12u1

2.46.4-1

2.46.5-1~deb11u1

2.46.5-1~deb12u1

2.46.5-1

2.46.5-1+hurd.1

2.46.5-1+hurd.2

2.46.6-1~deb11u1

2.46.6-1~deb12u1

2.46.6-1

2.47.1-1

2.47.2-1

2.47.3-1

2.47.4-1

2.47.90-1

2.48.0-1~deb12u1

2.48.0-1

2.48.0-1+alpha

2.48.0-1+hurd.1

2.48.0-1+hurd.2

2.48.1-1

2.48.1-2~deb12u1

2.48.1-2

2.48.1-3

2.48.2-1

2.48.3-1~deb11u1

2.48.3-1~deb12u1

2.48.3-1

2.48.5-1~deb11u1

2.48.5-1~deb12u1

2.48.5-1~deb13u1

2.48.5-1

2.48.6-1

2.49.90-1

2.50.0-1

2.50.0-2

2.50.1-1~deb11u1

2.50.1-1~deb12u1

2.50.1-1~deb13u1

2.50.1-1

2.50.2-1~deb11u1

2.50.2-1~deb12u1

2.50.2-1~deb13u1

2.50.2-1

2.50.3-1~deb11u1

2.50.3-1~deb12u1

2.50.3-1~deb13u1

2.50.3-1

2.50.3-1+hurd.1

2.50.4-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

wpewebkit

Package

Name: wpewebkit
Purl: pkg:deb/debian/wpewebkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.38.6-1

2.39.91-1

2.40.0-1

2.40.1-1

2.40.2-1

2.40.2-2

2.40.3-1

2.40.4-1

2.40.5-1

2.42.0-1

2.42.1-1

2.42.2-1

2.42.3-1

2.42.4-1

2.42.5-1

2.42.5-1.1~exp1

2.42.5-1.1

2.42.5-1.2

2.42.5-2~exp

2.44.1-1

2.44.2-1

2.44.2-2

2.44.3-1

2.44.4-1

2.46.1-1

2.46.2-1

2.46.3-1

2.46.4-1

2.46.5-1

2.46.6-1

2.48.0-1

2.48.1-1

2.48.1-2

2.48.2-1

2.48.3-1

2.48.5-1

2.48.6-1

2.48.6-2

2.50.0-1

2.50.0-2

2.50.1-1

2.50.2-1

2.50.3-1

2.50.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

Debian:13

webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.4-1~deb13u1

Affected versions

2.*

2.48.3-1

2.48.5-1~deb11u1

2.48.5-1~deb12u1

2.48.5-1~deb13u1

2.48.5-1

2.48.6-1

2.49.90-1

2.50.0-1

2.50.0-2

2.50.1-1~deb11u1

2.50.1-1~deb12u1

2.50.1-1~deb13u1

2.50.1-1

2.50.2-1~deb11u1

2.50.2-1~deb12u1

2.50.2-1~deb13u1

2.50.2-1

2.50.3-1~deb11u1

2.50.3-1~deb12u1

2.50.3-1~deb13u1

2.50.3-1

2.50.3-1+hurd.1

2.50.4-1~deb11u1

2.50.4-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

wpewebkit

Package

Name: wpewebkit
Purl: pkg:deb/debian/wpewebkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.48.3-1

2.48.5-1

2.48.6-1

2.48.6-2

2.50.0-1

2.50.0-2

2.50.1-1

2.50.2-1

2.50.3-1

2.50.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

Debian:14

webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.4-1

Affected versions

2.*

2.48.3-1

2.48.5-1~deb11u1

2.48.5-1~deb12u1

2.48.5-1~deb13u1

2.48.5-1

2.48.6-1

2.49.90-1

2.50.0-1

2.50.0-2

2.50.1-1~deb11u1

2.50.1-1~deb12u1

2.50.1-1~deb13u1

2.50.1-1

2.50.2-1~deb11u1

2.50.2-1~deb12u1

2.50.2-1~deb13u1

2.50.2-1

2.50.3-1~deb11u1

2.50.3-1~deb12u1

2.50.3-1~deb13u1

2.50.3-1

2.50.3-1+hurd.1

2.50.4-1~deb11u1

2.50.4-1~deb12u1

2.50.4-1~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"

wpewebkit

Package

Name: wpewebkit
Purl: pkg:deb/debian/wpewebkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.4-1

Affected versions

2.*

2.48.3-1

2.48.5-1

2.48.6-1

2.48.6-2

2.50.0-1

2.50.0-2

2.50.1-1

2.50.2-1

2.50.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-43529.json"