CVE-2025-11679
Published: October 23, 2025Last modified: June 18, 2026
Description
Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.
Notes
lws_upng decoder was only introduced in 4.4
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | libwebsockets | Not affected (4.3.2-r1) |
| 25 LTS | libwebsockets | Not affected (4.3.5-r2) | |
| Stream | libwebsockets | Not affected (4.3.1-r0) |