CVE-2025-11680

Published: October 23, 2025Last modified: June 18, 2026

Description

Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation.

Notes

lws_upng decoder was only introduced in 4.4

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	libwebsockets	Not affected (4.3.2-r1)
	25 LTS	libwebsockets	Not affected (4.3.5-r2)
	Stream	libwebsockets	Not affected (4.3.1-r0)

References

How to Fix Liberica NIK Not Starting on macOS Catalina and Later

If you use macOS Catalina and later you may encounter the issue that prevents Liberica NIK from starting. To fix it, run the following:

sudo xattr -r -d com.apple.quarantine path/to/graalvm/folder/

If you need more help, check out the FAQ at the bottom of this page or contact us.