Debian Webkit2Gtk vulnerabilities

680 known vulnerabilities affecting debian/webkit2gtk.

Total CVEs: 680
CISA KEV: 38 (actively exploited)
Public exploits: 102
Exploited in wild: 32
Severity breakdown: CRITICAL 14, HIGH 239, MEDIUM 150, LOW 277

Vulnerabilities

Page 3 of 34
CVE-2025-43392 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin. Scope: local. bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullseye: resolved (fixed in 2.50.2-1~deb11u1
debian
CVE-2025-24208 | MEDIUM | CVSS 6.1 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. Scope: local. bookworm: resolved (fixed in 2.48.1-2~deb12u1); bullseye: resolved (fixed in 2.48.3-1~deb11u1); forky: resolved (fixed in 2.48.1-1); sid: resolved (fixed in
debian
CVE-2025-43228 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing. Scope: local. bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2.48.5-1~deb11u1); forky: resolved (fixed in 2.48.5-1); sid: resolved (fixed in 2.48.5-1); trixie: resolved (f
debian
CVE-2025-43272 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.1-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.50.1-1~deb12u1); bullseye: resolved (fixed in 2.50.1-1~deb11u1); forky: resolved (fixe
debian
CVE-2025-31257 | MEDIUM | CVSS 4.7 | fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm) | 2025
This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.48.3-1~deb12u1); bullseye: resolved (fixed in 2.48.3-1~deb11
debian
CVE-2025-43441 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullseye: resolved (fixed in
debian
CVE-2025-43421 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.3-1~deb12u1 (bookworm) | 2025
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.3-1~deb12u1); bullseye: resolved (fixed in 2.50.3-1~deb11u1); forky:
debian
CVE-2025-24162 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm) | 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.46.6-1~deb12u1); bullseye: resolved (fixed in 2.46.6-1~
debian
CVE-2025-31215 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.48.3-1~deb12u1); bullseye: resolved (fixed in 2.48.3-1
debian
CVE-2025-43541 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.50.4-1~deb12u1); bullseye: resolved (fixed in
debian
CVE-2025-43425 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullseye: resolved (fixed in 2.50.2-1~deb11u
debian
CVE-2025-43368 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.1-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.50.1-1~deb12u1); bullseye: resolved (fixed in 2.50.1-1~deb11u1); forky: resolved (fixed in 2.50.
debian
CVE-2025-43211 | MEDIUM | CVSS 6.2 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service. Scope: local. bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2.48.5-1~deb11u1); forky: re
debian
CVE-2025-43511 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.6-1~deb12u1); bullseye:
debian
CVE-2025-43429 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullse
debian
CVE-2025-43458 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.3-1~deb12u1 (bookworm) | 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.3-1~deb12u1); bullseye:
debian
CVE-2025-43214 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.6-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.50.6-1~deb12u1); bullseye: open; forky: resolved (fixed in 2.5
debian
CVE-2025-43212 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local. bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2.48.5-1~deb11u
debian
CVE-2025-43427 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local. bookworm: resolved (fixed in 2.50.2-1~deb12u1); bullseye: resolved (fixed in 2.50.2-1~deb11u1); forky:
debian
CVE-2025-43240 | MEDIUM | CVSS 6.2 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated. Scope: local. bookworm: resolved (fixed in 2.48.5-1~deb12u1); bullseye: resolved (fixed in 2.48.5-1~deb11u1); forky: resolved (fixed in 2.48.5-1); sid: resolved (fixed in 2.48.5-1); trixie: resolved (fixed in 2.
debian