Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: webkit2gtk3 Important Security Update DoS 2025:4423-1 CVE-2023-43000

suse
Calendar Grey December 17, 2025
Dist Suse Esm H88
SUSE Security update for webkit2gtk3 addresses 18 important vulnerabilities. Update is recommended to safeguard systems.
An update that solves 18 vulnerabilities can now be installed.

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: * CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of- bounds read and an integer underflow (bsc#1254208). * CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). * CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). * CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167).

References

* bsc#1254164

* bsc#1254165

* bsc#1254166

* bsc#1254167

* bsc#1254168

* bsc#1254169

* bsc#1254170

* bsc#1254171

* bsc#1254172

* bsc#1254174

* bsc#1254175

* bsc#1254176

* bsc#1254177

* bsc#1254179

* bsc#1254208

* bsc#1254473

* bsc#1254498

* bsc#1254509

Cross-

* CVE-2023-43000

* CVE-2025-13502

* CVE-2025-13947

* CVE-2025-43392

* CVE-2025-43419

* CVE-2025-43421

* CVE-2025-43425

* CVE-2025-43427

* CVE-2025-43429

* CVE-2025-43430

* CVE-2025-43431

* CVE-2025-43432

* CVE-2025-43434

* CVE-2025-43440

* CVE-2025-43443

* CVE-2025-43458

* CVE-2025-43480

* CVE-2025-66287

CVSS scores:

* CVE-2023-43000 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2023-43000 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4423-1
Release Date: 2025-12-17T11:01:44Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here