Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE 15 SP3: 2025:02033-1 important: webkit2gtk3 memory issues

suse
Calendar Grey June 20, 2025
Dist Suse Esm H88
Crucial patch for webkit2gtk3 fixes several severe memory vulnerability problems. Upgrade immediately!
* bsc#1241158 * bsc#1241160 * bsc#1243282 * bsc#1243286 * bsc#1243288

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2: * CVE-2025-24223: Processing maliciously crafted web content may lead to memory corruption (bsc#1243424). * CVE-2025-31204: Processing maliciously crafted web content may lead to memory corruption (bsc#1243286). * CVE-2025-31205: A malicious website may exfiltrate data cross-origin (bsc#1243282). * CVE-2025-31206: Processing maliciously crafted web content may lead to an unexpected crash (bsc#1243288). * CVE-2025-31215: Processing maliciously crafted web content may lead to an unexpected process crash (bsc#1243289). * CVE-2025-31257: Improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596). * CVE-2023-42875: Improper memory handling may lead to arbitrary code

Topics%20covered

Topics Covered

security advisory memory corruption important suse webkit2gtk3 cross-origin data exfiltration

References

* bsc#1241158

* bsc#1241160

* bsc#1243282

* bsc#1243286

* bsc#1243288

* bsc#1243289

* bsc#1243424

* bsc#1243596

Cross-

* CVE-2023-42875

* CVE-2023-42970

* CVE-2025-24223

* CVE-2025-31204

* CVE-2025-31205

* CVE-2025-31206

* CVE-2025-31215

* CVE-2025-31257

CVSS scores:

* CVE-2023-42875 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2023-42875 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

* CVE-2023-42875 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

* CVE-2023-42970 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2023-42970 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-42970 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02033-1
Release Date: 2025-06-20T08:04:18Z
Rating: important

Topics%20covered

Topics Covered

security advisory memory corruption important suse webkit2gtk3 cross-origin data exfiltration

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here