Updated: 2025-09-03 23:04:23.266126
Description:
A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | gdk-pixbuf2 | 2.42.6 | 7.5 | HIGH | Released | CLSA-2025:1757698525 | 2025-09-12 19:25:22 | |
| CentOS 7 ELS | gdk-pixbuf2 | 2.36.12 | 7.5 | HIGH | Released | CLSA-2025:1758896091 | 2025-10-09 15:48:58 | |
| Oracle Linux 7 ELS | gdk-pixbuf2 | 2.36.12 | 7.5 | HIGH | Released | CLSA-2025:1763371545 | 2025-11-17 14:54:02 | |
| RHEL 7 ELS | gdk-pixbuf2 | 2.36.12 | 7.5 | HIGH | Released | CLSA-2025:1757662747 | 2025-09-12 09:27:38 | |