CLSA-2025-1756751564

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2025-1756751564
Upstream
Published
2025-09-15T07:50:41Z
Modified
2026-05-27T11:35:19.820757605Z
Summary
webkit2gtk3: Fix of 18 CVEs
Details
  • Update to 2.48.5. The following CVEs were fixed:
  • CVE-2025-6558: fix processing maliciously crafted web content which may lead to an unexpected Safari crash
  • CVE-2025-31273: fix processing maliciously crafted web content which may lead to memory corruption
  • CVE-2025-31278: fix processing maliciously crafted web content which may lead to memory corruption
  • CVE-2025-43212: fix processing maliciously crafted web content which may lead to an unexpected Safari crash
  • CVE-2025-43216: fix processing maliciously crafted web content which may lead to an unexpected Safari crash
  • CVE-2025-43228: fix issue with visiting a malicious website which may lead to address bar spoofing
  • CVE-2025-24189: fix processing maliciously crafted web content which may lead to memory corruption
  • CVE-2025-31205: fix issue with a malicious website which may exfiltrate data cross-origin
  • CVE-2025-24208: fix loading a malicious iframe which may lead to a cross-site scripting attack
  • CVE-2024-54551: fix processing web content which may lead to a denial-of-service
  • CVE-2024-44192: fix processing maliciously crafted web content which may lead to an unexpected process crash
  • CVE-2024-54467: fix issue with a malicious website which may exfiltrate data cross-origin
  • CVE-2025-24162: fix processing maliciously crafted web content which may lead to an unexpected process crash
  • CVE-2024-54502: fix processing maliciously crafted web content which may lead to an unexpected process crash
  • CVE-2024-44244: fix processing maliciously crafted web content which may lead to an unexpected process crash
  • CVE-2024-44185: fix processing maliciously crafted web content which may lead to an unexpected process crash
  • CVE-2024-44187: fix issue wit a malicious website may exfiltrate data cross-origin
  • CVE-2024-40866: fix issue with visiting a malicious website which may lead to address bar spoofing
References

Affected packages

TuxCare:AlmaLinux:9.2 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/tuxcare/webkit2gtk3?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.48.5-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"

TuxCare:AlmaLinux:9.2 / webkit2gtk3-devel

Package

Name
webkit2gtk3-devel
Purl
pkg:rpm/tuxcare/webkit2gtk3-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.48.5-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"

TuxCare:AlmaLinux:9.2 / webkit2gtk3-jsc

Package

Name
webkit2gtk3-jsc
Purl
pkg:rpm/tuxcare/webkit2gtk3-jsc?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.48.5-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"

TuxCare:AlmaLinux:9.2 / webkit2gtk3-jsc-devel

Package

Name
webkit2gtk3-jsc-devel
Purl
pkg:rpm/tuxcare/webkit2gtk3-jsc-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.48.5-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"