Debian Webkit2Gtk vulnerabilities
680 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs: 680
CISA KEV: 38 (actively exploited)
Public exploits: 102
Exploited in wild: 32
Severity breakdown
CRITICAL: 14, HIGH: 239, MEDIUM: 150, LOW: 277
Vulnerabilities
Page 4 of 34
CVE-2025-43536 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.4-1~deb12u1)
bullseye: resolved (fixed in 2.50.4-1~d

CVE-2025-43440 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fixed in 2.50.2-1~deb11u1)
forky

CVE-2025-31205 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.48.3-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed in 2.48.2-1)

CVE-2025-43430 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fixed in 2.50.2-1~d

CVE-2025-43434 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: r

CVE-2025-43216 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.48.5-1~deb12u1)
bullseye: reso

CVE-2025-43265 | MEDIUM | CVSS 4.0 | fixed in webkit2gtk 2.48.5-1~deb12u1 (bookworm) | 2025
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.
Scope: local
bookworm: resolved (fixed in 2.48.5-1~deb12u1)
bullseye: resolved (fixed in 2

CVE-2025-43356 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.1-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.
Scope: local
bookworm: resolved (fixed in 2.50.1-1~deb12u1)
bullseye: resolved (fixed in 2.50.1-1~de

CVE-2025-24216 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.48.1-2~deb12u1)
bullseye: resolved (fixed in

CVE-2025-46299 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.52.0-1 (sid) | 2025
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 2.52.

CVE-2025-43535 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.4-1~deb12u1)
bullseye: resolved (fixed in 2.50.4-1~d

CVE-2025-24143 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
Scope: local
bookworm: resolved (fixed in 2.46.6-1~deb12u1)
bullseye: resolved (fixed in 2.46.6-1~deb11u1)
forky: resolved

CVE-2025-43432 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fixed in

CVE-2025-43213 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.50.5-1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.50.5-1)
bullseye: open
forky: resolved (fixed in 2.50.5-1)
s

CVE-2025-43438 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: r

CVE-2025-24158 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.6-1~deb12u1 (bookworm) | 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.46.6-1~deb12u1)
bullseye: resolved (fixed in 2.46.6-1~deb11u1)
forky: resolved (fixed i

CVE-2025-31206 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.3-1~deb12u1 (bookworm) | 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.48.3-1~deb12u1)
bullseye: resolve

CVE-2025-43443 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.50.2-1~deb12u1 (bookworm) | 2025
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.50.2-1~deb12u1)
bullseye: resolved (fi

CVE-2025-30427 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.48.1-2~deb12u1 (bookworm) | 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Scope: local
bookworm: resolved (fixed in 2.48.1-2~deb12u1)
bullseye: reso

CVE-2025-14174 | LOW | CVSS 8.8 | KEV | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
CVE-2025-14174 [HIGH] CVE-2025-14174: chromium - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499...
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved