Nixpkgs Security Tracker

Permalink CVE-2025-13502

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 3 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 4 months ago
@LeSuisse removed
5 packages
- tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-4.0"
- obs-studio-plugins.obs-webkitgtk
- haskellPackages.webkit2gtk3-javascriptcore
- tests.pkg-config.defaultPkgConfigPackages."javascriptcoregtk-4.0"
- tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-web-extension-4.0"
3 months, 1 week ago
@LeSuisse removed
4 maintainers
- @jtojnar
- @bobby285271
- @hedning
- @dasj19
3 months, 1 week ago
@LeSuisse accepted 3 months, 1 week ago
@LeSuisse published on GitHub 3 months, 1 week ago

Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

References

https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
RHSA-2025:23110 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
RHSA-2025:23110 vendor-advisory x_refsource_REDHAT
RHSA-2025:23433 vendor-advisory x_refsource_REDHAT
RHSA-2025:23434 vendor-advisory x_refsource_REDHAT
RHSA-2025:23451 vendor-advisory x_refsource_REDHAT
RHSA-2025:23452 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
RHSA-2025:23110 vendor-advisory x_refsource_REDHAT
RHSA-2025:23433 vendor-advisory x_refsource_REDHAT
RHSA-2025:23434 vendor-advisory x_refsource_REDHAT
RHSA-2025:23451 vendor-advisory x_refsource_REDHAT
RHSA-2025:23452 vendor-advisory x_refsource_REDHAT
RHSA-2025:23583 vendor-advisory x_refsource_REDHAT
RHSA-2025:23591 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
RHSA-2025:23110 vendor-advisory x_refsource_REDHAT
RHSA-2025:23433 vendor-advisory x_refsource_REDHAT
RHSA-2025:23434 vendor-advisory x_refsource_REDHAT
RHSA-2025:23451 vendor-advisory x_refsource_REDHAT
RHSA-2025:23452 vendor-advisory x_refsource_REDHAT
RHSA-2025:23583 vendor-advisory x_refsource_REDHAT
RHSA-2025:23591 vendor-advisory x_refsource_REDHAT
RHSA-2025:23742 vendor-advisory x_refsource_REDHAT
RHSA-2025:23743 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT
RHSA-2025:22789 vendor-advisory x_refsource_REDHAT
RHSA-2025:22790 vendor-advisory x_refsource_REDHAT
RHSA-2025:23110 vendor-advisory x_refsource_REDHAT
RHSA-2025:23433 vendor-advisory x_refsource_REDHAT
RHSA-2025:23434 vendor-advisory x_refsource_REDHAT
RHSA-2025:23451 vendor-advisory x_refsource_REDHAT
RHSA-2025:23452 vendor-advisory x_refsource_REDHAT
RHSA-2025:23583 vendor-advisory x_refsource_REDHAT
RHSA-2025:23591 vendor-advisory x_refsource_REDHAT
RHSA-2025:23742 vendor-advisory x_refsource_REDHAT
RHSA-2025:23743 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13502 x_refsource_REDHAT vdb-entry
RHBZ#2416300 issue-tracking x_refsource_REDHAT

Affected products

webkitgtk

<2.50.2

webkitgtk3

webkitgtk4

webkit2gtk3

Matching in nixpkgs

pkgs.webkitgtk_4_0

Web content rendering engine, GTK port

nixos-unstable 2.48.6+abi=4.0
- nixpkgs-unstable 2.48.6+abi=4.0
- nixos-unstable-small 2.50.0+abi=4.0

pkgs.webkitgtk_4_1

Web content rendering engine, GTK port

nixos-unstable 2.50.1+abi=4.1
- nixpkgs-unstable 2.50.1+abi=4.1
- nixos-unstable-small 2.50.2+abi=4.1

pkgs.webkitgtk_6_0

Web content rendering engine, GTK port

nixos-unstable 2.50.1+abi=6.0
- nixpkgs-unstable 2.50.1+abi=6.0
- nixos-unstable-small 2.50.2+abi=6.0

Package maintainers

Ignored maintainers (4)

@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.webkitgtk_4_0

pkgs.webkitgtk_4_1

pkgs.webkitgtk_6_0

Package maintainers