ALSA-2025:22789

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Packages

AlmaLinux:8webkit2gtk3

Fixed in:

2.50.3-1.el8_10

AlmaLinux:8webkit2gtk3-devel

Fixed in:

2.50.3-1.el8_10

AlmaLinux:8webkit2gtk3-jsc

Fixed in:

2.50.3-1.el8_10

AlmaLinux:8webkit2gtk3-jsc-devel

Fixed in:

2.50.3-1.el8_10

References

Mondoo Vulnerability Intelligence

ALSA-2025:22789

Details

Affected Packages

References

Related

Ecosystems

Timeline