Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2025:1331-1 important: webkit2gtk3 buffer overflow

suse
Calendar Grey April 16, 2025
Dist Suse Esm H88
Significant SUSE release for webkit2gtk3 tackles numerous critical vulnerabilities and improves security with a total of seven patches.
* bsc#1240958 * bsc#1240961 * bsc#1240962 * bsc#1240963 * bsc#1240964

Summary

## This update for webkit2gtk3 fixes the following issues: * Update to version 2.48.1 * CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) * CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) * CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) * CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) * CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) * CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow cross-site scripting important webkit2gtk3

References

* bsc#1240958

* bsc#1240961

* bsc#1240962

* bsc#1240963

* bsc#1240964

* bsc#1240986

* bsc#1240987

Cross-

* CVE-2024-54551

* CVE-2025-24208

* CVE-2025-24209

* CVE-2025-24213

* CVE-2025-24216

* CVE-2025-24264

* CVE-2025-30427

CVSS scores:

* CVE-2024-54551 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-54551 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-54551 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-24208 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-24208 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

* CVE-2025-24208 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-24209 ( SUSE ): 8.7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:1331-1
Release Date: 2025-04-16T15:15:09Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow cross-site scripting important webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here