Bug 2405115 (CVE-2025-11679)
| Summary: | CVE-2025-11679 libwebsockets: Out-of-bounds Read in libwebsockets PNG parsing | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | ansmith, eglynn, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, peholase, pgrist, pjindal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | An out-of-bounds read has been discovered in libwebsockets. The issue is in the `lws_upng_emit_next_line` function, specifically in the branch taken when `uf->padded` is true: in the loop that reads from the sliding window, `ibp` is incremented but never reset, making it possible to read past the buffer. If the input file is big enough, the read goes past the currently mapped heap memory, causing a crash. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2405213, 2405214, 2405215, 2405216, 2405217 | | |
| Bug Blocks: | | | |
Description

OSIDB Bzimport 2025-10-20 17:23:22 UTC
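The Doc Text describes a read index into a sliding window that is advanced on every byte but never reset, so that after enough output lines it points past the buffer. The following is an added, constructed toy model of that failure mode and of one bounds-preserving shape; it is not libwebsockets' code, and the struct, function names, window size and line size are assumptions chosen for illustration only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy model: a decoder keeps a small sliding window and emits one
 * output line per call. This is NOT libwebsockets' lws_upng_emit_next_line;
 * the names, sizes and layout here are assumptions for illustration only. */
#define WINDOW_SZ   32u   /* bytes in the sliding window (assumed) */
#define LINE_BYTES  8u    /* bytes consumed per emitted line (assumed) */

struct toy_upng {
    uint8_t  window[WINDOW_SZ];
    unsigned ibp;      /* read position in the window */
    int      padded;   /* models the branch named in the report */
};

/* Shape of the reported defect: ibp advances on every byte and is never
 * reset or wrapped, so after WINDOW_SZ / LINE_BYTES lines it points past the
 * window. The model guards the access with an explicit check so it cannot
 * itself overrun; a non-zero return marks where an unguarded read would. */
int emit_line_unreset(struct toy_upng *u, uint8_t *out)
{
    for (unsigned i = 0; i < LINE_BYTES; i++) {
        if (u->ibp >= WINDOW_SZ)
            return -1;          /* an unguarded read would leave the buffer here */
        out[i] = u->window[u->ibp++];
    }
    return 0;
}

/* Bounds-preserving shape: treat the window as a ring and wrap the index so
 * it can never leave the buffer, however many lines are emitted. */
int emit_line_wrapped(struct toy_upng *u, uint8_t *out)
{
    for (unsigned i = 0; i < LINE_BYTES; i++) {
        out[i] = u->window[u->ibp];
        u->ibp = (u->ibp + 1) % WINDOW_SZ;
    }
    return 0;
}

/* Drive either emitter for `lines` lines over a freshly filled window and
 * return how many lines completed without tripping the bounds guard. */
unsigned run_lines(int (*emit)(struct toy_upng *, uint8_t *), unsigned lines)
{
    struct toy_upng u;
    uint8_t out[LINE_BYTES];
    unsigned done = 0;

    memset(&u, 0, sizeof u);
    for (unsigned i = 0; i < WINDOW_SZ; i++)
        u.window[i] = (uint8_t)i;     /* constructed fill pattern */
    u.padded = 1;

    for (unsigned n = 0; n < lines; n++) {
        if (emit(&u, out) != 0)
            break;
        done++;
    }
    return done;
}
```

With a 32-byte window and 8-byte lines, the unreset emitter completes only four lines before its index reaches the end of the window, which is the point at which the real defect would read beyond the buffer; the wrapped emitter completes any number of lines. The useful check for a reviewer is the same in both: every index into a fixed-size window must be reset, wrapped, or compared against the window size before it is dereferenced.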