CVE-2025-6196

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6196
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6196.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6196
Downstream
Related
Published
2025-06-17T15:15:54Z
Modified
2025-07-01T16:27:17.285589Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

References

Affected packages

Debian:11 / libgepub

Package

Name
libgepub
Purl
pkg:deb/debian/libgepub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.6.0-2
0.7.0-1
0.7.0-2
0.7.1-1
0.7.1-2
0.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgepub

Package

Name
libgepub
Purl
pkg:deb/debian/libgepub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.7.0-2
0.7.1-1
0.7.1-2
0.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libgepub

Package

Name
libgepub
Purl
pkg:deb/debian/libgepub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.3-1

Affected versions

0.*

0.7.0-2
0.7.1-1
0.7.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}