CVE-2025-7345

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-7345
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:12841
https://access.redhat.com/errata/RHSA-2025:12862
https://access.redhat.com/errata/RHSA-2025:13315
https://access.redhat.com/security/cve/CVE-2025-7345
https://bugzilla.redhat.com/show_bug.cgi?id=2377063
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
Configurations

No configuration.

History

07 Aug 2025, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:13315 -

05 Aug 2025, 09:15

Type Values Removed Values Added
Summary
  • (es) Existe una falla en gdk?pixbuf dentro de la función gdk_pixbuf__jpeg_image_load_increment (io-jpeg.c) y en g_base64_encode_step de glib (glib/gbase64.c). Al procesar imágenes JPEG manipuladas con fines maliciosos, puede producirse un desbordamiento del búfer de pila durante la codificación Base64, lo que permite lecturas fuera de los límites de la memoria de pila, lo que puede provocar fallos en la aplicación o la ejecución de código arbitrario.
References
  • () https://access.redhat.com/errata/RHSA-2025:12841 -
  • () https://access.redhat.com/errata/RHSA-2025:12862 -

09 Jul 2025, 08:15

Type Values Removed Values Added
CWE CWE-787 CWE-120

08 Jul 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-08 14:15

Updated : 2025-08-07 07:15

NVD link : CVE-2025-7345

Mitre link : CVE-2025-7345

CVE.ORG link : CVE-2025-7345

JSON object : View

Products Affected

No product.

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')