CVE-2025-66287: Classic Buffer Overflow in Webkitgtk Team Webkitgtk

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 72.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 4; Latest update Jan 5

Description

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: the_webkitgtk_team/webkitgtk < 2.50.3
Debian: debian/wpewebkit < webkit2gtk 2.50.3-1~deb12u1 (bookworm)
Debian: debian/webkit2gtk < webkit2gtk 2.50.3-1~deb12u1 (bookworm)

Vulnerability Details (2)

GHSA: GHSA-f6mf-j487-747p: A flaw was found in WebKitGTK (2025-12-04)
OSV: CVE-2025-66287: A flaw was found in WebKitGTK (2025-12-04)

Vendor Advisories (3)

Ubuntu: WebKitGTK vulnerabilities (2026-01-05)
Red Hat: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (2025-12-04)
Debian: CVE-2025-66287: webkit2gtk - A flaw was found in WebKitGTK. Processing malicious web content can cause an une... (2025)