CVE-2025-45663
CVE-2025-45663
In short
NetSurf v3.11 reads uninitialized memory from the heap when creating a dom_event structure, potentially exposing sensitive data from other parts of the application's memory.
Technical detail
CWE-244: Improper Clearing of Heap Memory Before Release. When NetSurf constructs dom_event structures, heap memory is accessed without proper initialization, allowing information disclosure of previous heap contents. This occurs during normal DOM event creation without requiring special user interaction.
Summary generated and translated by AI from the official description.
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →