Logic Error in GdkPixbuf’s GIF Decoder Leading to Memory Leakage
CVE-2025-6199

3.3LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-6199?

A flaw in the GIF parser of GdkPixbuf’s LZW decoder leads to a logic error when handling invalid symbols during decompression. Instead of reporting the correct number of bytes written, the decoder mistakenly sets the output size to the full buffer length. This oversight can result in uninitialized portions of the buffer being incorporated into the output, which poses a risk of leaking arbitrary memory contents from processed images. This vulnerability can expose sensitive data and requires immediate attention to mitigate potential risks.

References

https://access.redhat.com/security/cve/CVE-2025-6199

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2373147

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 17, 2025

Red Hat

What is CVE-2025-6199?

References

CVSS V3.1

Timeline