CVE-2025-11680

Name
CVE-2025-11680
Description
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78
third-party-advisory https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11680

Match rules

CPE URI Source package Min version Max version
libwebsockets >= 4.0 <= 4.4.2
libwebsockets >= 4.0 <= 4.3.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libwebsockets edge-main 4.3.5-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.5-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets edge-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.22-main 4.3.5-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.21-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.20-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libwebsockets 3.19-main 4.3.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable