Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7345

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Published

2025-07-08T14:15:32.397

Last Modified

2025-11-03T18:17:02.270

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-120

Affected Vendors & Products

References

https://access.redhat.com/errata/RHSA-2025:12841 ([email protected])
https://access.redhat.com/errata/RHSA-2025:12862 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13315 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14574 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14575 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14576 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14585 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14618 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14646 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14647 ([email protected])
https://access.redhat.com/errata/RHSA-2025:14683 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-7345 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2377063 ([email protected])
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249 ([email protected])
https://lists.debian.org/debian-lts-announce/2025/10/msg00024.html (af854a3a-2127-422b-91ae-364da2661108)