CVE-2025-11679

Name of the Vulnerable Software and Affected Versions libwebsockets (affected versions not specified)

Description An out-of-bounds read issue exists in the lws upng emit next line function within libwebsockets when the LWS WITH UPNG flag is enabled during compilation and the HTML display stack is utilized. This condition can occur when a user visits a website containing a specially crafted PNG file with a large height dimension, potentially leading to a crash due to reading past a heap-allocated buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.