CVE-2025-11680
- Published: 2025-10-20T14:15:40.520
- Last modified: 1761075085
Summary
🛡️ Vulnerability overview CVE-2025-11680 Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation. 📊 Technical details Severity: CVSS: Vendor:…
Technical details
Severity & risk metrics
Affected products & vendors
Vendors not specified.
Exploit & mitigation
No vendor patch links provided.
References & resources
No references.
🛡️ Vulnerability overview CVE-2025-11680
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation.
📊 Technical details
- Severity:
- CVSS:
- Vendor:
🧩 Affected products
- Not specified.
🚨 Recommended mitigations
- Update to the latest available version
- Monitor logs and network traffic
- Apply least-privilege and segment the network
🔗 References
- https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11680
🧭 Related vulnerabilities
- No related CVEs.
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big width value that causes an integer overflow which value is used for determining the size of a heap allocation.
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
How to fix CVE-2025-11680
Description: Summary 🛡️ Vulnerability overview CVE-2025-11680 Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a […]
Exploit Difficulty: HARD
âąď¸ Time to exploit: > 4 hours
đ ď¸ Required skills: Advanced security expertise
đ° Public exploits: Rare or not public
How to Fix:
- Check if you're running the affected product
- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Vendor Advisory: https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11680
Exploit Difficulty Assessment
Vulnerability Timeline
CVE details first published to NVD database
CVE details were updated
Added to this CVE tracking system
Detection Rules & IOCs
No specific detection rules generated for this vulnerability type.
No vendor/product data available.