UBUNTU-CVE-2025-6199
- Source
- https://ubuntu.com/security/CVE-2025-6199
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6199.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-6199
- Upstream
- Downstream
- Related
- Published
- 2025-06-17T15:15:00Z
- Modified
- 2025-07-22T17:01:12Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
- References
-
- https://ubuntu.com/security/CVE-2025-6199
- https://www.cve.org/CVERecord?id=CVE-2025-6199
- https://bugzilla.redhat.com/show_bug.cgi?id=2373147
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/191
- https://access.redhat.com/security/cve/CVE-2025-6199
- https://ubuntu.com/security/notices/USN-7662-1
Affected packages
Ubuntu:Pro:16.04:LTS / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.32.2-1ubuntu1.6+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.2-1ubuntu1.6+esm2
Affected versions
2.*
2.32.1-1
2.32.2-1
2.32.2-1ubuntu1
2.32.2-1ubuntu1.2
2.32.2-1ubuntu1.3
2.32.2-1ubuntu1.4
2.32.2-1ubuntu1.5
2.32.2-1ubuntu1.6
2.32.2-1ubuntu1.6+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "gir1.2-gdkpixbuf-2.0-dbgsym"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0-dbg"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0-dbgsym"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0-udeb"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0-udeb-dbgsym"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-dev"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-dev-dbgsym"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.36.11-2ubuntu0.1~esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.11-2ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-0-dbgsym"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-0-udeb"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-bin-dbgsym"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-dev"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-dev-dbgsym"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:20.04:LTS / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.40.0+dfsg-3ubuntu0.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.40.0+dfsg-3ubuntu0.5+esm1
Affected versions
2.*
2.40.0+dfsg-1build1
2.40.0+dfsg-1ubuntu1
2.40.0+dfsg-2
2.40.0+dfsg-3
2.40.0+dfsg-3ubuntu0.1
2.40.0+dfsg-3ubuntu0.2
2.40.0+dfsg-3ubuntu0.3
2.40.0+dfsg-3ubuntu0.4
2.40.0+dfsg-3ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-0-dbgsym"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-0-udeb"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-bin-dbgsym"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-dev"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:22.04:LTS / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.8+dfsg-1ubuntu0.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.8+dfsg-1ubuntu0.4
Affected versions
2.*
2.42.6+dfsg-1build2
2.42.6+dfsg-1build3
2.42.6+dfsg-2ubuntu2
2.42.6+dfsg-2ubuntu3
2.42.8+dfsg-1
2.42.8+dfsg-1ubuntu0.1
2.42.8+dfsg-1ubuntu0.2
2.42.8+dfsg-1ubuntu0.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "gdk-pixbuf-tests-dbgsym"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf-2.0-0-dbgsym"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-bin-dbgsym"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.10+dfsg-3ubuntu3.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.10+dfsg-3ubuntu3.2
Affected versions
2.*
2.42.10+dfsg-1build1
2.42.10+dfsg-3
2.42.10+dfsg-3ubuntu1
2.42.10+dfsg-3ubuntu2
2.42.10+dfsg-3ubuntu3
2.42.10+dfsg-3ubuntu3.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "gdk-pixbuf-tests-dbgsym"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf-2.0-0-dbgsym"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-bin-dbgsym"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "No subscription required"
}
Ubuntu:25.04 / gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.12+dfsg-2ubuntu0.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.12+dfsg-2ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "gdk-pixbuf-tests-dbgsym"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf-2.0-0-dbgsym"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf2.0-bin-dbgsym"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.42.12+dfsg-2ubuntu0.1",
"binary_name": "libgdk-pixbuf2.0-doc"
}
],
"availability": "No subscription required"
}