Hello all, I have a small amendment to the advisory, please read below.
On Thu, 04 Dec 2025 16:20:45 +0200 Adrian Perez de Castro <[email protected]> wrote: > ------------------------------------------------------------------------ > WebKitGTK and WPE WebKit Security Advisory WSA-2025-0009 > ------------------------------------------------------------------------ > > Date reported : December 04, 2025 > Advisory ID : WSA-2025-0009 > WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2025-0009.html > WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2025-0009.html > CVE identifiers : CVE-2025-13502, CVE-2025-13947, > CVE-2025-43421, CVE-2025-43458, > CVE-2025-66287. > > Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. > > CVE-2025-13502 > Versions affected: WebKitGTK and WPE WebKit before 2.50.3. > Credit to Stanislav Fort, Aisle Research. > Impact: Processing maliciously crafted web content may lead to an > unexpected process crash. Description: A buffer overflow was > addressed with improved bounds checking. > WebKit Bugzilla: 302218 This issue was actually fixed already in version 2.50.2 of both WPE WebKit and WebKitGTK. The advisories in the respective project's websites have been updated to reflect this as well. Cheers, —Adrián
signature.asc
Description: PGP signature
