webkit2gtk3-2.50.3-1.el8_10.ML.1

Errata ID: AXSA:2025-11507:20

Release date:
2025/12/11 Thursday - 10:39
Title:
webkit2gtk3-2.50.3-1.el8_10.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
* webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
* webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-13502
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
CVE-2025-13947
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read, by abusing the file drag-and-drop mechanism, where WebKitGTK does not verify that drag operations originate from outside the browser.
CVE-2025-43392
The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A website may exfiltrate image data cross-origin.
CVE-2025-43419
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43421
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43425
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43427
This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43429
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43430
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43431
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43432
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43434
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43440
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43443
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43458
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43480
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A malicious website may exfiltrate data cross-origin.
CVE-2025-66287
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

Solution:

Update packages.

Additional information:

N/A

Downloads:

SRPMS
  1. webkit2gtk3-2.50.3-1.el8_10.ML.1.src.rpm
    MD5: 620a0607059564bacf091a9ec37e5bc8
    SHA-256: 812b94b3d159c5b6877edea31adfcb4c2e418f57e8c524739539925c9cfbb5de
    Size: 41.81 MB

Asianux Server 8 for x86_64
  1. webkit2gtk3-2.50.3-1.el8_10.ML.1.i686.rpm
    MD5: 6d02e52a773b0a3517645950ec63c3d5
    SHA-256: 79605d3798513e9ce3c76be8d061a29b8c5a21439eb1a5716320a0aa2ec0f6f6
    Size: 27.06 MB
  2. webkit2gtk3-2.50.3-1.el8_10.ML.1.x86_64.rpm
    MD5: 83974bcea1c6ea9a8b7115649e7297e3
    SHA-256: 3dafb71430ed7369b422967bcff7d86724f9bd607f3829adf41b69127eb43584
    Size: 26.81 MB
  3. webkit2gtk3-devel-2.50.3-1.el8_10.ML.1.i686.rpm
    MD5: dbff8657bd258d483f7f2c1b7bb1f967
    SHA-256: 6f17b83553634900ca19085f6fdc87aeadde317d98359210b21022214f81ea0c
    Size: 308.05 kB
  4. webkit2gtk3-devel-2.50.3-1.el8_10.ML.1.x86_64.rpm
    MD5: 5a0881e576349f44be00f8a8d4f2676c
    SHA-256: d38400615376139cf60cc68399b31edc73f4a23a37a17188941bc67cb35431ac
    Size: 309.75 kB
  5. webkit2gtk3-jsc-2.50.3-1.el8_10.ML.1.i686.rpm
    MD5: 85988f7a556f28da31f9ed0380608dad
    SHA-256: 5ad457a41f7b8ee01733391cbbc2294224affee201b1f10dbd95edf7919f81fe
    Size: 4.08 MB
  6. webkit2gtk3-jsc-2.50.3-1.el8_10.ML.1.x86_64.rpm
    MD5: 06870ce0ac985f29d4ea5edfbbe66c28
    SHA-256: 81f6937be71771c31f8ccb4e52e55f50fedfd3a4c20d732a215016193a59dd98
    Size: 8.09 MB
  7. webkit2gtk3-jsc-devel-2.50.3-1.el8_10.ML.1.i686.rpm
    MD5: d2228769a3268cd044fc29896ed317c7
    SHA-256: 317d13df487a9b882859e91cdf07934e27eaecd0f6d7bf7ec8430ce3d7222b4c
    Size: 166.43 kB
  8. webkit2gtk3-jsc-devel-2.50.3-1.el8_10.ML.1.x86_64.rpm
    MD5: 677b92c0d1ff62f2220450bf7edbc49c
    SHA-256: 82e22fff5b47a389312022817f56e7172f8b5d34f62708dd487fee1468738303
    Size: 163.69 kB