affected
Published on 18 Dec 2025

CVE-2025-13502
7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

Updated 5 days ago by @LeSuisse

Activity log
Created automatic suggestion, 3 weeks, 5 days ago
@LeSuisse removed 5 packages, 5 days ago
    tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-4.0"
    obs-studio-plugins.obs-webkitgtk
    haskellPackages.webkit2gtk3-javascriptcore
    tests.pkg-config.defaultPkgConfigPackages."javascriptcoregtk-4.0"
    tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-web-extension-4.0"
@LeSuisse removed 4 maintainers, 5 days ago
    @jtojnar
    @bobby285271
    @hedning
    @dasj19
@LeSuisse accepted as draft, 5 days ago
@LeSuisse update, 5 days ago

Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

Affected products
    webkitgtk
    webkitgtk3
    webkitgtk4
    webkit2gtk3

Matching in nixpkgs

pkgs.webkitgtk_4_0 (Web content rendering engine, GTK port)
    nixos-25.05             2.48.6+abi=4.0
    nixpkgs-25.05-darwin    2.50.1+abi=4.0
    nixos-25.05-small       2.48.6+abi=4.0
    nixos-unstable          2.48.6+abi=4.0
    nixos-unstable-small    2.48.6+abi=4.0
    nixpkgs-unstable        2.48.6+abi=4.0

pkgs.webkitgtk_4_1 (Web content rendering engine, GTK port)
    nixos-25.05             2.48.6+abi=4.1
    nixpkgs-25.05-darwin    2.50.1+abi=4.1
    nixos-25.05-small       2.48.6+abi=4.1
    nixos-unstable          2.50.1+abi=4.1
    nixos-unstable-small    2.50.1+abi=4.1
    nixpkgs-unstable        2.48.6+abi=4.1

pkgs.webkitgtk_6_0 (Web content rendering engine, GTK port)
    nixos-25.05             2.48.6+abi=6.0
    nixpkgs-25.05-darwin    2.50.1+abi=6.0
    nixos-25.05-small       2.48.6+abi=6.0
    nixos-unstable          2.50.1+abi=6.0
    nixos-unstable-small    2.50.1+abi=6.0
    nixpkgs-unstable        2.48.6+abi=6.0