CVE-2025-7345Classic Buffer Overflow in Gdk-pixbuf

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read10 documents8 sources
Severity
7.5HIGHNVD
OSV3.3
EPSS
0.4%
top 38.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Gdk-pixbuf
Timeline
PublishedJul 8
Latest updateJul 22

Description

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debiangnome/gdk-pixbuf< 2.42.2+dfsg-1+deb11u4+3
Ubuntugnome/gdk-pixbuf< 2.42.8+dfsg-1ubuntu0.4+4

🔴Vulnerability Details

4
OSV
gdk-pixbuf vulnerabilities2025-07-22
CVEList
Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf2025-07-08
GHSA
GHSA-xrq2-m5w8-p5wg: A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg2025-07-08
OSV
CVE-2025-7345: A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg2025-07-08

📋Vendor Advisories

5
Ubuntu
GDK-PixBuf vulnerabilities2025-07-22
Microsoft
Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf2025-07-08
Red Hat
gdk‑pixbuf: Heap‑buffer‑overflow in gdk‑pixbuf2025-07-08
Debian
CVE-2025-7345: gdk-pixbuf - A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment fun...2025
Microsoft
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sour2022-10-11
CVE-2025-7345 — Classic Buffer Overflow in Gdk-pixbuf | cvebase