CVE-2025-11679

Name
CVE-2025-11679
Description
Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
third-party-advisory https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11679

Match rules

CPE URI Source package Min version Max version
libwebsockets >= 4.0 <= 4.4.2
libwebsockets >= 4.0 <= 4.3.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libwebsockets edge-main 4.3.5-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.5-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.22-main 4.3.5-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.21-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.20-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.19-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable