Debian Wpewebkit vulnerabilities

CVE-2025-43529 [HIGH] CVE-2025-43529: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploit

CVE-2025-31273 [HIGH] CVE-2025-31273: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.5-1~deb12u1) bullseye: resolved (fixed in 2.48.5-1~deb11u1) forky: r

CVE-2025-66287 [HIGH] CVE-2025-66287: webkit2gtk - A flaw was found in WebKitGTK. Processing malicious web content can cause an une... A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. Scope: local bookworm: resolved (fixed in 2.50.3-1~deb12u1) bullseye: resolved (fixed in 2.50.3-1~deb11u1) forky: resolved (fixed in 2.50.3-1) sid: resolved (fixed in 2.50.3-1) trixie: resolved (fixed in 2.50.3-1~deb13u1)

CVE-2025-24213 [HIGH] CVE-2025-24213: webkit2gtk - This issue was addressed with improved handling of floats. This issue is fixed i... This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed in 2.48.3-1~deb11u1) forky:

CVE-2025-24189 [HIGH] CVE-2025-24189: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.3... The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.0-1~deb12u1) bullseye: resolved (fixed in 2.48.0-1) forky: resolved (fixed in

CVE-2025-43419 [HIGH] CVE-2025-43419: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.0-1) forky: resolved (fixed in 2.50.

CVE-2025-13502 [HIGH] CVE-2025-13502: webkit2gtk - A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-o... A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. Scope: local bookworm: resolved (fixed in 2.50.2-1~deb12u1) bullseye: resolved (fixed in 2.50.2-1~deb11u1) forky: resolved (fixed in 2.50.2-1) sid: resolv

CVE-2025-43227 [HIGH] CVE-2025-43227: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ... This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information. Scope: local bookworm: resolved (fixed in 2.48.5-1~deb12u1) bullseye: resolved (fixed in 2.48.5-1~de

CVE-2025-31223 [HIGH] CVE-2025-31223: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 18.5... The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.0-1) forky: resolved (fixed in

CVE-2025-24150 [HIGH] CVE-2025-24150: webkit2gtk - A privacy issue was addressed with improved handling of files. This issue is fix... A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection. Scope: local bookworm: resolved (fixed in 2.46.6-1~deb12u1) bullseye: resolved (fixed in 2.46.6-1~deb11u1) forky: resolved (fixed in 2.46.6-1) sid: resolved

CVE-2025-13947 [HIGH] CVE-2025-13947: webkit2gtk - A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted i... A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser. Scope: local bookworm: resolved (fixed in 2.50.3-1~deb12u1) bullseye: reso

CVE-2025-31204 [HIGH] CVE-2025-31204: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.3-1~deb12u1) bullseye: resolved (fixed in 2.48.3-1~deb11u1) forky: r

CVE-2025-43433 [HIGH] CVE-2025-43433: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.50.2-1~deb12u1) bullseye: resolved (fixed

CVE-2025-24209 [HIGH] CVE-2025-24209: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed in 2

CVE-2025-43480 [HIGH] CVE-2025-43480: webkit2gtk - The issue was addressed with improved checks. This issue is fixed in Safari 26.1... The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin. Scope: local bookworm: resolved (fixed in 2.46.0-2~deb12u1) bullseye: resolved (fixed in 2.46.0-1) forky: resolved (fixed in 2.46.0-1) sid: resol

CVE-2025-6558 [HIGH] CVE-2025-6558: chromium - Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome pri... Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 138.0.7204.157-1~deb12u1) bullseye: open forky: resolved (fixed in 138.0.7204.157-1) sid: resolved (

CVE-2025-31277 [HIGH] CVE-2025-31277: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.0-1) forky: resolved

CVE-2025-31278 [HIGH] CVE-2025-31278: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.5-1~deb12u1) bullseye: resolved (fixed in 2.48.5-1~de

CVE-2025-43501 [MEDIUM] CVE-2025-43501: webkit2gtk - A buffer overflow issue was addressed with improved memory handling. This issue ... A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.4-1~deb12u1) bullseye: resolved (fixed

CVE-2025-43457 [MEDIUM] CVE-2025-43457: webkit2gtk - A use-after-free issue was addressed with improved memory management. This issue... A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in