cvebase
CVE-2025-7345
published 2025-07-08

Priority: P3 (44)    Severity: high    CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.05% (60.0th percentile)
A flaw exists in gdk-pixbuf in gdk_pixbuf__jpeg_image_load_increment (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When a maliciously crafted JPEG image is processed, a heap buffer overflow can occur while data from the image is Base64-encoded, allowing out-of-bounds reads from heap memory. The result is an application crash and, in the advisory's worst-case wording, possible arbitrary code execution.

Practitioner note: the scored NVD vector (C:N/I:N/A:H) credits only an availability impact, which matches an out-of-bounds read that crashes the process decoding the image; the code-execution wording is the advisory's upper bound, not something the score reflects. The exposure to prioritise is any process that decodes untrusted JPEGs through gdk-pixbuf, since the vector rates the attack as network-reachable with no privileges or user interaction required (AV:N/PR:N/UI:N).

Affected

16 ranges
Vendor   Product      Affected range                        Fixed in
debian   gdk-pixbuf   < 2.42.10+dfsg-1+deb12u3 (bookworm)   2.42.10+dfsg-1+deb12u3 (bookworm)
gnome    gdk-pixbuf   >= 0, < 2.42.2+dfsg-1+deb11u4         2.42.2+dfsg-1+deb11u4
gnome    gdk-pixbuf   >= 0, < 2.42.10+dfsg-1+deb12u3        2.42.10+dfsg-1+deb12u3
gnome    gdk-pixbuf   >= 0, < 2.42.12+dfsg-4                2.42.12+dfsg-4
gnome    gdk-pixbuf   >= 0, < 2.42.12+dfsg-4                2.42.12+dfsg-4
gnome    gdk-pixbuf   >= 0, < 2.42.8+dfsg-1ubuntu0.4        2.42.8+dfsg-1ubuntu0.4
gnome    gdk-pixbuf   >= 0, < 2.42.10+dfsg-3ubuntu3.2       2.42.10+dfsg-3ubuntu3.2
gnome    gdk-pixbuf   >= 0, < 2.32.2-1ubuntu1.6+esm2        2.32.2-1ubuntu1.6+esm2
gnome    gdk-pixbuf   >= 0, < 2.36.11-2ubuntu0.1~esm2       2.36.11-2ubuntu0.1~esm2
gnome    gdk-pixbuf   >= 0, < 2.40.0+dfsg-3ubuntu0.5+esm1   2.40.0+dfsg-3ubuntu0.5+esm1
msrc     azl3_gdk-pixbuf2_2.42.10-2_on_azure_linux_3.0      (no range or fixed version listed)
msrc     azl3_gdk-pixbuf2_2.42.10-4_on_azure_linux_3.0      (no range or fixed version listed)
msrc     cbl2_gdk-pixbuf2_2.40.0-6_on_cbl_mariner_2.0       (no range or fixed version listed)
msrc     cbl2_libtiff_4.4.0-6_on_cbl_mariner_2.0            (no range or fixed version listed)
msrc     cm1_libtiff_4.4.0-5_on_cbl_mariner_1.0             (no range or fixed version listed)
msrc     cm2_gdk-pixbuf2_2.40.0-8_on_cbl_mariner_2.0        (no range or fixed version listed)

The "gnome" rows carry Debian and Ubuntu package versions (deb11u/deb12u and ubuntu/esm suffixes), not upstream gdk-pixbuf release versions, so compare them against the installed distribution package rather than the upstream tag. The msrc rows name Azure Linux and CBL-Mariner package builds; two of them reference libtiff rather than gdk-pixbuf2, as listed on the source page.
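A way to check an installed package against the fixed versions in the table above, added here as an example; it is not code from gdk-pixbuf, glib or any distribution. It re-implements dpkg's version ordering (epoch, upstream, revision; "~" sorts before everything; digit runs compare numerically) so the check runs without dpkg present. The release keys such as debian:12 are an assumption inferred from the version suffixes, and the dpkg-query sample is constructed.

```python
"""Compare installed gdk-pixbuf package versions with the CVE-2025-7345 fixed versions."""

# Fixed versions copied from the advisory table. The release keys and codenames are an
# assumption inferred from the version strings; the source page does not name releases.
FIXED_VERSIONS = {
    "debian:11": "2.42.2+dfsg-1+deb11u4",           # bullseye
    "debian:12": "2.42.10+dfsg-1+deb12u3",          # bookworm
    "debian:13": "2.42.12+dfsg-4",                  # trixie / sid
    "ubuntu:16.04": "2.32.2-1ubuntu1.6+esm2",       # ESM
    "ubuntu:18.04": "2.36.11-2ubuntu0.1~esm2",      # ESM
    "ubuntu:20.04": "2.40.0+dfsg-3ubuntu0.5+esm1",  # ESM
    "ubuntu:22.04": "2.42.8+dfsg-1ubuntu0.4",
    "ubuntu:24.04": "2.42.10+dfsg-3ubuntu3.2",
}

# Constructed sample of `dpkg-query -W -f='${Package} ${source:Package} ${Version}\n' 'libgdk-pixbuf*'`
# on a Debian 12 host that has not yet received the fix (not a real capture).
SAMPLE_DPKG_OUTPUT = """\
libgdk-pixbuf-2.0-0 gdk-pixbuf 2.42.10+dfsg-1+deb12u2
libgdk-pixbuf2.0-common gdk-pixbuf 2.42.10+dfsg-1+deb12u2
libgdk-pixbuf2.0-bin gdk-pixbuf 2.42.10+dfsg-1+deb12u2
"""


def _isdigit(c: str) -> bool:
    return c != "" and c in "0123456789"


def _char(s: str, i: int) -> str:
    return s[i] if i < len(s) else ""


def _order(c: str) -> int:
    """dpkg's sort weight for a non-digit character ('' is end of string)."""
    if c == "":
        return 0
    if c == "~":
        return -1            # '~' sorts before anything, even the end of the string
    if c.isalpha():
        return ord(c)        # letters sort before punctuation
    return ord(c) + 256      # '.', '+', etc. sort after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: character-by-character using dpkg's weights.
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac, bc = _order(_char(a, i)), _order(_char(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first differing digit.
        while _char(a, i) == "0":
            i += 1
        while _char(b, j) == "0":
            j += 1
        first_diff = 0
        while _isdigit(_char(a, i)) and _isdigit(_char(b, j)):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if _isdigit(_char(a, i)):
            return 1
        if _isdigit(_char(b, j)):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a <, ==, > b under dpkg version ordering."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


def is_fixed(installed: str, release: str) -> bool:
    """True when the installed version is at or beyond the fixed version for the release."""
    return dpkg_compare(installed, FIXED_VERSIONS[release]) >= 0


def check_dpkg_output(release: str, dpkg_lines: str) -> dict:
    """Map each binary package built from source 'gdk-pixbuf' to True (fixed) or False."""
    result = {}
    for line in dpkg_lines.splitlines():
        if not line.strip():
            continue
        package, source, version = line.split()
        if source == "gdk-pixbuf":
            result[package] = is_fixed(version, release)
    return result


if __name__ == "__main__":
    for pkg, fixed in check_dpkg_output("debian:12", SAMPLE_DPKG_OUTPUT).items():
        print(f"{pkg}: {'fixed' if fixed else 'VULNERABLE'}")
```

On a real host, feed the output of the dpkg-query command shown in the comment to check_dpkg_output with the matching release key; where dpkg is available, `dpkg --compare-versions` is the authoritative comparison and can be used to cross-check any result here.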

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv                       7.5     HIGH
vendor_debian             7.5     HIGH
vendor_msrc               7.5     HIGH
vendor_redhat             7.5     HIGH
vendor_ubuntu             3.3     LOW

Ubuntu is the outlier at 3.3 LOW; the other sources carry the NVD 7.5 HIGH score.