VDB

SUSE-SU-2025%3A4527-1

SUSE-SU-2025%3A4527-1 PUBLISHED CVSS 9.300000190734863 CRITICAL

This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194). - CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198). - CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183). - CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195). - CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200). - CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191). Other updates and bugfixes: - Version 2.50.4: * Correctly handle the program name passed to the sleep disabler. * Ensure GStreamer is initialized before using the Quirks. * Fix several crashes and rendering issues. - Fix a11y regression where AT-SPI roles were mapped incorrectly.

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSwebkit2gtk40, 0
SUSE:Manager Server LTS 4.3webkit2gtk3-soup20, 0
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSwebkit2gtk3-soup20, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP4webkit2gtk40, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP4webkit2gtk3-soup20, 0
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSwebkit2gtk3-soup20, 0
SUSE:Linux Enterprise Server 15 SP4-LTSSwebkit2gtk40, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP5webkit2gtk30, 0
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSwebkit2gtk40, 0
SUSE:Linux Enterprise Server 15 SP5-LTSSwebkit2gtk30, 0
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSwebkit2gtk30, 0
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSwebkit2gtk3-soup20, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP5webkit2gtk40, 0
SUSE:Linux Enterprise Server 15 SP5-LTSSwebkit2gtk40, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP4webkit2gtk30, 0
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSwebkit2gtk40, 0
SUSE:Linux Enterprise Server 15 SP4-LTSSwebkit2gtk3-soup20, 0
SUSE:Manager Proxy LTS 4.3webkit2gtk3-soup20, 0
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSwebkit2gtk3-soup20, 0
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSwebkit2gtk30, 0

…and 6 more

Timeline

  • Dec 26, 2025 CVE Published
  • Feb 4, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›