netsurf-browser CVE Vulnerabilities & Metrics

Focus on netsurf-browser vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About netsurf-browser Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with netsurf-browser. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total netsurf-browser CVEs: 8
Earliest CVE date: 12 Feb 2020, 03:15 UTC
Latest CVE date: 03 Nov 2025, 15:15 UTC

Latest CVE reference: CVE-2025-45663

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical netsurf-browser CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.12

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	4
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS netsurf-browser CVEs

These are the five CVEs with the highest CVSS scores for netsurf-browser, sorted by severity first and recency.

CVE-2015-7505 netsurf-browser Published on 18 Feb 2020, 18:15 UTC (CVSS: 6.8)
Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.
CVE-2015-7508 netsurf-browser Published on 12 Feb 2020, 03:15 UTC (CVSS: 6.8)
Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.
CVE-2015-7507 netsurf-browser Published on 18 Feb 2020, 19:15 UTC (CVSS: 5.0)
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
CVE-2015-7506 netsurf-browser Published on 18 Feb 2020, 14:15 UTC (CVSS: 4.3)
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.
CVE-2012-0844 netsurf-browser Published on 21 Feb 2020, 18:15 UTC (CVSS: 2.1)
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.

All CVEs for netsurf-browser

CVE-2025-45663 netsurf-browser vulnerability CVSS: 0 03 Nov 2025, 15:15 UTC

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.

CVE-2025-29699 netsurf-browser vulnerability CVSS: 0 03 Nov 2025, 15:15 UTC

NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.

CVE-2024-51317 netsurf-browser vulnerability CVSS: 0 03 Nov 2025, 15:15 UTC

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function

CVE-2012-0844 netsurf-browser vulnerability CVSS: 2.1 21 Feb 2020, 18:15 UTC

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.

CVE-2015-7507 netsurf-browser vulnerability CVSS: 5.0 18 Feb 2020, 19:15 UTC

libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.

CVE-2015-7505 netsurf-browser vulnerability CVSS: 6.8 18 Feb 2020, 18:15 UTC

Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.

CVE-2015-7506 netsurf-browser vulnerability CVSS: 4.3 18 Feb 2020, 14:15 UTC

The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.

CVE-2015-7508 netsurf-browser vulnerability CVSS: 6.8 12 Feb 2020, 03:15 UTC

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.