CVE-2025-7345

HIGH

Gdk-Pixbuf - Buffer Overflow

Title source: llm

Description

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

References (15)

Core 15

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12841

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12862

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:13315

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14574

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14575

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14576

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14585

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14618

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14646

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14647

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14683

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-7345

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2377063

Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00024.html

Issue Tracking

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249

Scores

CVSS v3 7.5

EPSS 0.0045

EPSS Percentile 63.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (16)

Red Hat/Red Hat Enterprise Linux 10 0:2.42.12-4.el10_0

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.36.12-4.el7_9

Red Hat/Red Hat Enterprise Linux 8 0:2.36.12-7.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:2.36.12-6.el8_2

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:2.36.12-6.el8_4

Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 0:2.36.12-6.el8_4

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 0:2.36.12-6.el8_6

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 0:2.36.12-6.el8_6

Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 0:2.36.12-6.el8_6

... and 6 more

Published Jul 08, 2025

Tracked Since Feb 18, 2026