Denial of Service Vulnerability in Libgepub EPUB Reader
CVE-2025-6196
5.5 MEDIUM
What is CVE-2025-6196?
A flaw exists in libgepub, a library used for reading EPUB files: it mishandles file size calculations when opening specially crafted EPUB files. The miscalculation can result in incorrect memory allocations, causing applications that rely on the library to crash. Although there are no confirmed remote attack vectors, any software that processes user-supplied EPUB content via libgepub could encounter denial of service issues, especially desktop services like Tumbler that process files automatically.
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Mohammad Hussam Alzeyyat - mhzcyber for reporting this issue.