Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder

CVE Details

Basic Information

Title: Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
Type: cve
Published: 2025-06-17T14:30:42.665Z
Last Seen:

Product Information

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
Version:

CVSS Information

Base Score: 3.3 (LOW)
Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Confidentiality Impact:
Integrity Impact:
Availability Impact:

AI Analysis

AI Description: An uninitialized-memory disclosure vulnerability in the GIF parser of GdkPixbuf's LZW decoder could expose uninitialized memory contents in the decoded image, potentially revealing sensitive information.
AI Severity: Low
Vendor: GNOME Foundation
Product: gdk-pixbuf
Affected Version:

Additional Information

CVE List:
CWE List: CWE-200
Bulletin Family:

Description

A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder reports the output size as the full buffer length instead of the number of bytes actually written. Because of this logic error, the never-written portion of the buffer is included in the output, so uninitialized memory contents can end up in the decoded image.
