CVE-2025-6199

EPSS 0.02%
Published 17.06.2025 14:30:42
Last modified 21.08.2025 01:16:43
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Gdkpixbuf Version2.0.0 Update-

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0
   Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
secalert@redhat.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/security/cve/CVE-2025-6199

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2373147

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-6199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6199

EUVD