CVE-2025-11679

Published: October 23, 2025Last modified: June 18, 2026

Description

Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.

Notes

lws_upng decoder was only introduced in 4.4

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibwebsocketsNot affected (4.3.2-r1)
25 LTSlibwebsocketsNot affected (4.3.5-r2)
StreamlibwebsocketsNot affected (4.3.1-r0)

References

ON THIS PAGE