CVE-2025-11679
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11679, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: Nozomi Networks Inc.

Description

Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-07-06
AI Q&A
2025-10-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
warmcat libwebsockets 4.4.2
warmcat libwebsockets 4.1
warmcat libwebsockets 4.3.6
warmcat libwebsockets 4.2
warmcat libwebsockets 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read in the UPNG (micro PNG decoder) library used by warmcat libwebsockets. Specifically, in the function lws_upng_emit_next_line, improper indexing of the input buffer allows reading past the allocated memory. This happens when the LWS_WITH_UPNG flag is enabled and the HTML display stack is used, triggered by visiting an attacker-controlled website containing a crafted PNG file with a large height dimension. The issue arises because the code calculates an index without proper bounds checking, potentially causing a crash or other unintended behavior. [1]

Impact Analysis

This vulnerability can cause a crash of the application using libwebsockets when processing a malicious PNG file, potentially leading to denial of service. Since it involves reading memory out of bounds, it might also expose sensitive information or lead to undefined behavior, depending on the context and exploitation, although the primary impact described is a crash. [1]

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications using libwebsockets with the LWS_WITH_UPNG flag enabled when processing PNG files. Since the issue occurs when visiting attacker-controlled websites with crafted PNG files, network detection could involve inspecting PNG files for unusually large height dimensions or malformed PNGs. However, no specific detection commands or signatures are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include applying the patch that fixes the out-of-bounds read by adding bounds checking with a modulo operation on the input buffer index in the function `lws_upng_emit_next_line` in `lib/misc/upng.c`. Alternatively, disabling the LWS_WITH_UPNG flag during compilation or avoiding the use of the HTML display stack that processes PNG files can reduce exposure. Also, avoid visiting untrusted websites that may host crafted PNG files until patched. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11679. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart