DLA-4276-1

CVE-2025-43212 CVE-2025-43216 CVE-2025-43227 CVE-2025-43228 CVE-2025-43240 CVE-2025-43265

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-6558

Clement Lecigne and Vlad Stolyarov discovered that processing
maliciously crafted web content may lead to an unexpected crash.

CVE-2025-31273

Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that
processing maliciously crafted web content may lead to memory
corruption.

CVE-2025-31278

Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that
processing maliciously crafted web content may lead to memory
corruption.

CVE-2025-43211

Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that
processing web content may lead to a denial-of-service.

CVE-2025-43212

Nan Wang and Ziling Chen discovered that processing maliciously
crafted web content may lead to an unexpected crash.

CVE-2025-43216

Ignacio Sanmillan discovered that processing maliciously crafted
web content may lead to an unexpected crash.

CVE-2025-43227

Gilad Moav discovered that processing maliciously crafted web
content may disclose sensitive user information.

CVE-2025-43228

Jaydev Ahire discovered that visiting a malicious website may lead
to address bar spoofing.

CVE-2025-43240

Syarif Muhammad Sajjad discovered that a download's origin may be
incorrectly associated.

CVE-2025-43265

HexRabbit discovered that processing maliciously crafted web
content may disclose internal states of the app.

webkit2gtk

Debian 11

Fixed in:

2.48.5-1~deb11u1