CVE-2025-11679

NameCVE-2025-11679
DescriptionOut-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libwebsockets (PTS)bullseye4.0.20-2fixed
bullseye (security)4.0.20-2+deb11u1fixed
bookworm4.1.6-3fixed
trixie4.3.5-1+deb13u1fixed
forky, sid4.3.5-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libwebsocketssource(unstable)(not affected)

Notes

- libwebsockets <not-affected> (Vulnerable code introduced in 4.4.0)
Introduced in: https://libwebsockets.org/git/libwebsockets/commit?id=48907fca0a25c39ce35692c527cb8aa82ee60d85 (v4.4.0)
Fixed in: https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
Search for package or bug name: Reporting problems