Security Advisory

CVE-2025-11679

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-20 13:58:31

Last updated 2025-10-20 14:03:41

Assigner Nozomi

State PUBLISHED

Description

Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.

← Browse all CVEs View on cve.org ↗