Описание
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-7345: Fixed heap buffer overflow in gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
gdk-pixbuf-devel-2.34.0-19.23.1
gdk-pixbuf-lang-2.34.0-19.23.1
gdk-pixbuf-query-loaders-2.34.0-19.23.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.23.1
libgdk_pixbuf-2_0-0-2.34.0-19.23.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.23.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.23.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
gdk-pixbuf-devel-2.34.0-19.23.1
gdk-pixbuf-lang-2.34.0-19.23.1
gdk-pixbuf-query-loaders-2.34.0-19.23.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.23.1
libgdk_pixbuf-2_0-0-2.34.0-19.23.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.23.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.23.1
Ссылки
- Link for SUSE-SU-2025:03010-1
- E-Mail link for SUSE-SU-2025:03010-1
- SUSE Security Ratings
- SUSE Bug 1246114
- SUSE CVE CVE-2025-7345 page
Описание
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:gdk-pixbuf-devel-2.34.0-19.23.1
SUSE Linux Enterprise Server 12 SP5-LTSS:gdk-pixbuf-lang-2.34.0-19.23.1
SUSE Linux Enterprise Server 12 SP5-LTSS:gdk-pixbuf-query-loaders-2.34.0-19.23.1
SUSE Linux Enterprise Server 12 SP5-LTSS:gdk-pixbuf-query-loaders-32bit-2.34.0-19.23.1
Ссылки
- CVE-2025-7345
- SUSE Bug 1246114