CVE Details
Basic Information
| Title | Libgepub: integer overflow in libgepub’s epub archive handling |
|---|---|
| Type | cve |
| Published | 2025-06-17T14:29:42.228Z |
| Last Seen | |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Enterprise Linux 7 |
| Version | |
CVSS Information
| Base Score | 5.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A vulnerability in libgepub allows an attacker to cause a denial of service by crashing applications that use the library to process specially crafted EPUB files. This affects software such as Tumbler, which may process malicious files automatically when a user browses a directory containing them. While no direct remote attack vector is confirmed, any application that uses libgepub on user-supplied content is at risk. |
|---|---|
| AI Severity | Medium |
| Vendor | GNOME Foundation |
| Product | libgepub |
| Affected Version | |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-190 |
| Bulletin Family | |
References
Description
A flaw was found in libgepub, a library used to read EPUB files. When opening a specially crafted EPUB file, the library's file size calculation can overflow (CWE-190), so it allocates a buffer of the wrong size and the application crashes. Known affected usage includes desktop services such as Tumbler, which may process malicious files automatically when a user browses a directory containing them. While no direct remote attack vector is confirmed, any application that uses libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.