rpm package

almalinux/webkit2gtk3

pkg:rpm/almalinux/webkit2gtk3

Vulnerabilities (224)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2025-43511	Med	6.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Dec 12, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected pr
CVE-2025-66287	Hig	8.8		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Dec 4, 2025	A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
CVE-2025-13947	Hig	7.4		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Dec 3, 2025	A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside th
CVE-2025-13502	Hig	7.5		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 25, 2025	A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
CVE-2023-43000		—	KEV	< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 5, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43480	Hig	8.1		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.
CVE-2025-43458	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected p
CVE-2025-43457	Med	6.5		< 2.52.3-1.el8_10	2.52.3-1.el8_10	Nov 4, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43443	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43440	Med	6.5		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43434	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Sa
CVE-2025-43432	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43431	Hig	8.8		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43430	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43429	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpecte
CVE-2025-43427	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43425	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43421	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43419	Hig	8.8		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43392	Med	4.3		< 2.50.3-1.el8_10	2.50.3-1.el8_10	Nov 4, 2025	The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.

CVE-2025-43511MedDec 12, 2025
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected pr
CVE-2025-66287HigDec 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
CVE-2025-13947HigDec 3, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside th
CVE-2025-13502HigNov 25, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
CVE-2023-43000KEVNov 5, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43480HigNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.
CVE-2025-43458MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected p
CVE-2025-43457MedNov 4, 2025
affected < 2.52.3-1.el8_10fixed 2.52.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43443MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43440MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43434MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Sa
CVE-2025-43432MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43431HigNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43430MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43429MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpecte
CVE-2025-43427MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43425MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43421MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43419HigNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43392MedNov 4, 2025
affected < 2.50.3-1.el8_10fixed 2.50.3-1.el8_10
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.

Page 2 of 12