PT-2025-25664 · Unknown+5 · Gdk-Pixbuf+5

Published: 2025-06-17 · Updated: 2026-01-22 · CVE-2025-6199

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

GdkPixbuf (affected versions not specified)

Description

A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
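
The size-reporting error from the description, reduced to a toy one-byte-per-code decoder as an added example; this is not GdkPixbuf's code, and the format, the names (`decode`, `stale_bytes_exposed`), the 0x7F validity limit and the 0xAA marker are all assumptions made for the illustration. The buffer is pre-filled with the marker so the bytes that were never written can be counted deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA          /* constructed marker standing in for leftover memory */
#define MAX_VALID_CODE 0x7F /* assumption: larger codes are invalid in this toy format */

/* Toy decoder: each valid code yields one output byte. The return value is
 * the number of output bytes the caller will treat as decoded image data. */
static size_t decode(const uint8_t *in, size_t in_len,
                     uint8_t *out, size_t out_len, int fixed)
{
    size_t written = 0;
    for (size_t i = 0; i < in_len && written < out_len; i++) {
        if (in[i] > MAX_VALID_CODE) {        /* invalid symbol: stop decoding */
            if (!fixed)
                return out_len;              /* flawed: reports the whole buffer */
            return written;                  /* corrected: only what was written */
        }
        out[written++] = in[i];
    }
    return written;
}

/* Counts bytes inside the reported range that the decoder never wrote. */
static size_t stale_bytes_exposed(int fixed)
{
    static const uint8_t stream[] = { 'G', 'I', 'F', 0xFF, 'x', 'y' }; /* constructed */
    uint8_t out[16];
    size_t exposed = 0;

    memset(out, STALE, sizeof out);          /* simulate memory holding earlier data */
    size_t reported = decode(stream, sizeof stream, out, sizeof out, fixed);
    for (size_t i = 0; i < reported; i++)
        if (out[i] == STALE)
            exposed++;
    return exposed;
}

int main(void)
{
    printf("flawed size:    %zu stale bytes in output\n", stale_bytes_exposed(0));
    printf("corrected size: %zu stale bytes in output\n", stale_bytes_exposed(1));
    return 0;
}
```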

Information Disclosure

Weakness Enumeration

Related Identifiers

AZL-64077
AZL-64079
BDU:2025-10733
CVE-2025-6199
DLA-4225-1
DSA-5946-1
MGASA-2025-0198
OESA-2025-1866
OPENSUSE-SU-2025:15397-1
OPENSUSE-SU-2026:20084-1
SUSE-SU-2025:02954-1
SUSE-SU-2025:02963-1
SUSE-SU-2025:03373-1
SUSE-SU-2025:20694-1
SUSE-SU-2025:20748-1
SUSE-SU-2025_02954-1
SUSE-SU-2025_02963-1
SUSE-SU-2025_03373-1
SUSE-SU-2026:20128-1
SUSE-SU-2026:20156-1
USN-7662-1

Affected Products

Debian
Gdk-Pixbuf
Linuxmint
Red Os
Suse
Ubuntu