Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf

CVE Details

Basic Information

Title: Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf
Type: cve
Published: 2025-07-08T13:39:07.949Z
Modified: 2025-07-08T13:54:32.331Z

Product Information

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10

CVSS Information

Base Score: 7.5 (HIGH)
Attack Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Analysis

AI Description: A heap buffer overflow in gdk-pixbuf when processing maliciously crafted JPEG images can cause application crashes or arbitrary code execution.
AI Severity: High
AI Vendor: GNOME Foundation
AI Product: gdk-pixbuf
AI Version: Versions not specified

Additional Information

CWE List: CWE-787
Source: redhat

Description

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.