Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

SUSE: webkit2gtk3 Important Memory Corruption Issues 2026:0021-1

suse
Calendar Grey January 5, 2026
Dist Suse Esm H88
SUSE's latest webkit2gtk3 update fixes 25 security issues including memory corruption and information leaks.
An update that solves 25 vulnerabilities can now be installed.

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: * CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of- bounds read and an integer underflow (bsc#1254208). * CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). * CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). * CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). * CVE-2025-43421: processing maliciously crafted web content may lead to an

References

* bsc#1254164

* bsc#1254165

* bsc#1254166

* bsc#1254167

* bsc#1254168

* bsc#1254169

* bsc#1254170

* bsc#1254171

* bsc#1254172

* bsc#1254174

* bsc#1254175

* bsc#1254176

* bsc#1254177

* bsc#1254179

* bsc#1254208

* bsc#1254473

* bsc#1254498

* bsc#1254509

* bsc#1255183

* bsc#1255191

* bsc#1255194

* bsc#1255195

* bsc#1255198

* bsc#1255200

* bsc#1255497

Cross-

* CVE-2023-43000

* CVE-2025-13502

* CVE-2025-13947

* CVE-2025-14174

* CVE-2025-43392

* CVE-2025-43419

* CVE-2025-43421

* CVE-2025-43425

* CVE-2025-43427

* CVE-2025-43429

* CVE-2025-43430

* CVE-2025-43431

* CVE-2025-43432

* CVE-2025-43434

* CVE-2025-43440

* CVE-2025-43443

* CVE-2025-43458

* CVE-2025-43480

* CVE-2025-43501

* CVE-2025-43529

* CVE-2025-43531

* CVE-2025-43535

* CVE-2025-43536

* CVE-2025-43541

* CVE-2025-66287

CVSS scores:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0021-1
Release Date: 2026-01-05T11:16:02Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.