Description
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
Problem types
Integer Overflow or Wraparound
Product status
Any version before 2.50.2
0:2.50.3-2.el7_9 (rpm) before *
0:2.50.3-1.el8_10 (rpm) before *
0:2.50.3-2.el8_2 (rpm) before *
0:2.50.3-2.el8_4 (rpm) before *
0:2.50.3-2.el8_6 (rpm) before *
0:2.50.3-2.el8_8 (rpm) before *
0:2.50.3-1.el9_7 (rpm) before *
0:2.50.3-1.el9_0 (rpm) before *
0:2.50.3-1.el9_2 (rpm) before *
0:2.50.3-1.el9_4 (rpm) before *
0:2.50.3-1.el9_6 (rpm) before *
Timeline
| 2025-11-21: | Reported to Red Hat. |
| 2025-11-25: | Made public. |
Credits
Red Hat would like to thank Aisle Research and Stanislav Fort for reporting this issue.
References
access.redhat.com/errata/RHSA-2025:22789 (RHSA-2025:22789)
access.redhat.com/errata/RHSA-2025:22790 (RHSA-2025:22790)
access.redhat.com/errata/RHSA-2025:23110 (RHSA-2025:23110)
access.redhat.com/errata/RHSA-2025:23433 (RHSA-2025:23433)
access.redhat.com/errata/RHSA-2025:23434 (RHSA-2025:23434)
access.redhat.com/errata/RHSA-2025:23451 (RHSA-2025:23451)
access.redhat.com/errata/RHSA-2025:23452 (RHSA-2025:23452)
access.redhat.com/errata/RHSA-2025:23583 (RHSA-2025:23583)
access.redhat.com/errata/RHSA-2025:23591 (RHSA-2025:23591)
access.redhat.com/errata/RHSA-2025:23742 (RHSA-2025:23742)
access.redhat.com/errata/RHSA-2025:23743 (RHSA-2025:23743)
access.redhat.com/security/cve/CVE-2025-13502
bugzilla.redhat.com/show_bug.cgi?id=2416300 (RHBZ#2416300)