CVE-2025-7345
Vulnerability
gdk‑pixbuf: Heap‑buffer‑overflow in gdk‑pixbuf
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7345
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2377063
- secalert@redhat.com: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7345
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7345
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metric | Value
---|---
AV (Attack Vector) | Network
AC (Attack Complexity) | Low
PR (Privileges Required) | None
UI (User Interaction) | None
S (Scope) | Not Changed
C (Confidentiality) | None
I (Integrity) | None
A (Availability) | High
source: secalert@redhat.com
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
source: secalert@redhat.com
published: 2025-07-08 00:00:00
modified: 2025-07-09 07:43:56
Detection
Affected source package, matched by any one of the following tags:
- gdk-pixbuf2 (package type: source), tag: rhel-10:0e133532-6bb9-3d4e-9922-aeb72191b706
- gdk-pixbuf2 (package type: source), tag: rhel-6-els:1a423e2b-2f84-318b-f396-2e411353ee6f
- gdk-pixbuf2 (package type: source), tag: rhel-7-extras-including-unpatched:b6aab1f9-66ab-0ac3-4624-45068d359f5a
- gdk-pixbuf2 (package type: source), tag: rhel-8-including-unpatched:564d6827-2f98-498d-ca48-9ff6d76e4979
- gdk-pixbuf2 (package type: source), tag: rhel-9-including-unpatched:55d69243-268a-0684-ea75-89cb3ea6ece4
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex