EUVD-2025-201244CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Analysis
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Technical ContextAI
A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Classic Buffer Overflow (CWE-120).
RemediationAI
Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock
Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | ignored | - |
| bionic | ignored | - |
| jammy | DNE | - |
| noble | DNE | - |
| plucky | DNE | - |
| questing | DNE | - |
| upstream | needs-triage | - |
| Release | Status | Version |
|---|---|---|
| xenial | ignored | - |
| bionic | ignored | - |
| focal | ignored | - |
| jammy | released | 2.50.3-0ubuntu0.22.04.1 |
| upstream | released | 2.50.3 |
| noble | released | 2.50.3-0ubuntu0.24.04.1 |
| plucky | released | 2.50.3-0ubuntu0.25.04.1 |
| questing | released | 2.50.3-0ubuntu0.25.10.1 |
| Release | Status | Version |
|---|---|---|
| xenial | ignored | - |
| bionic | ignored | - |
| jammy | DNE | - |
| noble | DNE | - |
| plucky | DNE | - |
| questing | DNE | - |
| upstream | needs-triage | - |
| Release | Status | Version |
|---|---|---|
| xenial | ignored | - |
| bionic | ignored | - |
| focal | ignored | - |
| jammy | ignored | - |
| noble | ignored | - |
| plucky | DNE | - |
| questing | DNE | - |
| upstream | needs-triage | - |
| Release | Status | Version |
|---|---|---|
| focal | ignored | - |
| jammy | ignored | - |
| noble | DNE | - |
| plucky | DNE | - |
| questing | DNE | - |
| upstream | released | 2.50.3-1 |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 2.50.3-1~deb11u1 | - |
| bullseye (security) | fixed | 2.50.4-1~deb11u1 | - |
| bookworm, bookworm (security) | fixed | 2.50.4-1~deb12u1 | - |
| trixie (security), trixie | fixed | 2.50.4-1~deb13u1 | - |
| forky | fixed | 2.50.5-1 | - |
| sid | fixed | 2.50.6-1 | - |
| bookworm | fixed | 2.50.3-1~deb12u1 | - |
| trixie | fixed | 2.50.3-1~deb13u1 | - |
| (unstable) | fixed | 2.50.3-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye (security), bullseye | vulnerable | 2.38.6-1~deb11u1 | - |
| bookworm | vulnerable | 2.38.6-1 | - |
| trixie | vulnerable | 2.48.3-1 | - |
| forky | fixed | 2.50.5-1 | - |
| sid | fixed | 2.50.6-1 | - |
| bullseye | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 2.50.3-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today