Fluid Attacks Database

Description

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gdk-pixbuf	=2.42.2+dfsg-1 \|\| =2.42.2+dfsg-1+deb11u1 \|\| =2.42.2+dfsg-1+deb11u2 \|\| =2.42.2+dfsg-1+deb11u3 \|\| >=0 <2.42.2+dfsg-1+deb11u4	2.42.2+dfsg-1+deb11u4
debian 12	gdk-pixbuf	=2.42.10+dfsg-1 \|\| =2.42.10+dfsg-1+deb12u1 \|\| =2.42.10+dfsg-1+deb12u2 \|\| >=0 <2.42.10+dfsg-1+deb12u3	2.42.10+dfsg-1+deb12u3
debian 13	gdk-pixbuf	>=0 <2.42.12+dfsg-4	2.42.12+dfsg-4
debian 14	gdk-pixbuf	>=0 <2.42.12+dfsg-4	2.42.12+dfsg-4
rpm rhel10	gdk-pixbuf2	<0:2.42.12-4.el10_0	0:2.42.12-4.el10_0
rpm rhel6	gdk-pixbuf2	-	-
rpm rhel7	gdk-pixbuf2	-	-
rpm rhel8	gdk-pixbuf2	<0:2.36.12-7.el8_10	0:2.36.12-7.el8_10
rpm rhel8.4	gdk-pixbuf2	<0:2.36.12-6.el8_4	0:2.36.12-6.el8_4
rpm rhel9	gdk-pixbuf2	<0:2.42.6-6.el9_6	0:2.42.6-6.el9_6

1-10 of 11

Aliases

1. CVE-2025-73452. NVD-2025-73453. OSV-DEBIAN-2025-73454. OSV-2025-73455. SECURITY-TRACKER-CVE-2025-7345

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.