CVE-2025-7345

7.5 HIGH

📋 TL;DR

A heap out-of-bounds read in gdk-pixbuf's JPEG loader. The CVE description places the flaw in gdk_pixbuf__jpeg_image_load_increment (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c): while a crafted JPEG is being processed, data handed to the Base64 encoder is read past the end of its heap buffer. The direct result is a crash or disclosure of adjacent heap memory; arbitrary code execution is listed as a possibility, but an over-read on its own does not corrupt memory. Any application that decodes JPEGs through an affected gdk-pixbuf (GTK applications, image viewers, desktop thumbnailers) is exposed, and glib is listed because the faulting read happens inside its Base64 routine.

💻 Affected Systems

Products:
  • gdk-pixbuf
  • glib
Versions: The CVE entry gives no version ranges. Use the package version-release strings from the Red Hat advisory for your release; distributions backport the fix, so the upstream gdk-pixbuf version number alone does not tell you whether a package is fixed.
Operating Systems: Linux distributions using affected gdk-pixbuf/glib versions (Red Hat, Fedora, Ubuntu, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that loads JPEG images through gdk-pixbuf is exposed when it decodes a malicious file: GTK/GNOME applications, image viewers, desktop thumbnailers (which decode files automatically when a directory is browsed, without the user opening them), and server-side tools that link gdk-pixbuf. glib is listed because the out-of-bounds read occurs inside g_base64_encode_step while gdk-pixbuf Base64-encodes data taken from the JPEG.

⚠️ Manual Verification Required

This CVE entry carries no version ranges, so automatic version matching cannot decide whether your system is affected.

Why? Neither the vendor nor NVD publishes affected or fixed version ranges for this entry, and Red Hat (like most distributions) fixes the bug by backporting a patch into the existing package version. The installed package must therefore be compared against the advisory's package release, not against an upstream release number.


Recommended Actions:
  1. Review the CVE details at NVD and in the Red Hat advisory linked under Fix & Mitigation.
  2. Compare the installed gdk-pixbuf2 and glib2 package version-release strings against the fixed ones in your distribution's advisory.
  3. Determine whether the host actually decodes untrusted JPEGs through gdk-pixbuf (image viewers, mail and chat clients, thumbnailers, upload-handling services).
  4. Apply the fixed packages even where exposure looks low; the fix is a routine library update.

⚠️ Risk & Real-World Impact

🔴

Worst Case

The CVE description lists arbitrary code execution with the privileges of the process decoding the image, which for a thumbnailer or viewer is the logged-in user and for a server-side converter is the service account. Note that the primitive is an out-of-bounds read, not a write: on its own it yields a crash or disclosure of adjacent heap memory, and code execution would require chaining that leak with a separate memory-corruption bug.

🟠

Likely Case

Application crash (denial of service) when a malicious JPEG is decoded, or a silent over-read that copies adjacent heap bytes into the Base64 output without crashing at all. Code execution is not achievable from the read alone.

🟢

If Mitigated

Limited impact if applications run with minimal privileges or inside a sandbox, or do not decode untrusted images. ASLR does not prevent the crash or the over-read (a heap leak is in fact what an attacker would use to defeat ASLR); it only complicates any later attempt to turn a leak into code execution.

🌐 Internet-Facing: MEDIUM - Services that accept image uploads from untrusted sources and decode them server-side (web applications, mail gateways, thumbnail generators) are directly reachable, but the realistic outcome is a crashed worker rather than a compromised host.
🏢 Internal Only: LOW - Internal services mostly handle trusted images, but workstations are the real internal exposure: mail clients, chat applications and file-manager thumbnailers decode images that originated outside the network without anyone deliberately opening them.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires getting a crafted JPEG decoded by an affected gdk-pixbuf; no interaction beyond opening, previewing or thumbnailing the file is needed, and on a desktop the thumbnailer does that automatically. Causing a crash is straightforward. Turning an out-of-bounds read into code execution would need a separate write primitive plus heap grooming, which is why reliable code execution is rated as difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Take the fixed package version-release strings from the Red Hat advisory for your release (e.g., gdk-pixbuf2-2.42.10-1.el9_4) and verify the exact strings against the advisory text. Because the fix is backported, a package below the advisory's release is vulnerable even when its upstream version matches.

Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:12841

Restart Required: Yes. Both packages are shared libraries, and processes that mapped the old copies keep executing the vulnerable code until they are restarted. On RHEL, 'needs-restarting' (from yum-utils/dnf-utils) lists processes still using updated libraries.

Instructions:

1. Update the gdk-pixbuf and glib packages with your distribution's package manager.
2. On Red Hat systems: 'sudo dnf update gdk-pixbuf2 glib2' ('yum' is an alias for dnf on RHEL 8 and later).
3. Restart the affected applications, or reboot desktops, where GNOME Shell, the file manager and the thumbnailers all link gdk-pixbuf.

🔧 Temporary Workarounds

Disable JPEG processing in vulnerable applications

linux

Where the application lets you choose, configure it not to decode JPEGs with gdk-pixbuf, or disable image previews and thumbnailing entirely. Check first whether your build ships the JPEG loader as a separate module (libpixbufloader-jpeg.so under the gdk-pixbuf-2.0 loaders directory): if the loader is compiled into the library, as upstream gdk-pixbuf 2.42 does by default, it cannot be removed without rebuilding.

Application-specific configuration; no universal command.

Use alternative image libraries

linux

Only realistic for code you build yourself: libjpeg-turbo or another decoder can take over your own JPEG handling, but GTK applications and desktop thumbnailers use gdk-pixbuf internally and cannot be switched without rebuilding them.

Recompile applications against the alternative library; consult application documentation.

🧯 If You Can't Patch

  • Restrict image uploads to trusted sources only, and reject JPEG uploads outright where the service does not need them.
  • Run vulnerable applications with reduced privileges (sandboxing, containers, seccomp), and keep the desktop's thumbnailer sandbox (bubblewrap, where the desktop provides it) enabled.
  • Decode untrusted images in a separate, short-lived process so that a crash is a failed request rather than a dead service.

🔍 How to Verify

Check if Vulnerable:

Compare the installed gdk-pixbuf2 and glib2 package version-release strings against the fixed ones in the Red Hat advisory for your release. Do not compare upstream version numbers: the fix is backported, so a vulnerable and a fixed package can share the same upstream version and differ only in the release field.

Check Version:

rpm -q gdk-pixbuf2 glib2

Verify Fix Applied:

After updating, run 'rpm -q gdk-pixbuf2 glib2' again and confirm each package is at or above the advisory's fixed version-release. The package changelog (rpm -q --changelog) names the CVE in the entry that introduced the fix, which settles any doubt a version comparison leaves.
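The comparison described above, as an added example that is not part of the advisory or of either project. It compares the installed version-release of each package with the fixed value from the advisory (passed in as environment variables rather than hard-coded, because the right strings depend on your release), then uses the RPM changelog as the authoritative check. The helper names and the use of GNU sort -V as a stand-in for rpm's own version comparison are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory or of either project: compare the
# installed gdk-pixbuf2 and glib2 version-release (VR) strings with the fixed
# VRs from the vendor advisory, then confirm via the package changelog.
# The fixed VRs are deliberately not hard-coded; pass them in from the advisory.

# version_ge A B: succeed when A >= B in GNU "sort -V" ordering.
# This approximates rpm's rpmvercmp for ordinary VR strings (2.42.6-4.el9_4);
# it does not understand epochs ("1:") or tilde pre-release markers.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# installed_vr PKG: print "VERSION-RELEASE" of an installed RPM, fail if absent.
installed_vr() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null
}

# check_pkg PKG FIXED_VR: 0 = at or above fixed, 1 = below (vulnerable),
# 2 = not installed. Prints a one-line verdict.
check_pkg() {
    vr=$(installed_vr "$1") || { echo "$1: not installed"; return 2; }
    if version_ge "$vr" "$2"; then
        echo "$1-$vr: at or above fixed $2"
        return 0
    fi
    echo "$1-$vr: below fixed $2 (VULNERABLE)"
    return 1
}

# changelog_has_cve PKG CVE: succeed if the RPM changelog mentions the CVE.
# Red Hat backports fixes without bumping the upstream version, so this is the
# authoritative check when a VR comparison is ambiguous.
changelog_has_cve() {
    rpm -q --changelog "$1" 2>/dev/null | grep -q "$2"
}

main() {
    : "${GDK_PIXBUF2_FIXED:?set to the fixed gdk-pixbuf2 VR from the advisory}"
    : "${GLIB2_FIXED:?set to the fixed glib2 VR from the advisory}"
    rc=0
    check_pkg gdk-pixbuf2 "$GDK_PIXBUF2_FIXED" || rc=1
    check_pkg glib2 "$GLIB2_FIXED" || rc=1
    for p in gdk-pixbuf2 glib2; do
        if changelog_has_cve "$p" CVE-2025-7345; then
            echo "$p: changelog references CVE-2025-7345"
        fi
    done
    return $rc
}

# Run the checks only when executed as cve_check.sh, not when sourced for its functions.
case "${0##*/}" in cve_check.sh) main "$@" ;; esac
```

Run it as `GDK_PIXBUF2_FIXED=<VR from advisory> GLIB2_FIXED=<VR from advisory> sh cve_check.sh`; it exits 0 only when both packages are at or above the fixed release. The changelog grep is the check to trust when a package's upstream version looks old but its release field has moved.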

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in image-handling processes where the kernel's 'segfault at' line or coredumpctl places the faulting instruction in libgdk_pixbuf-2.0, libglib-2.0 or the JPEG loader. A crash in libglib is consistent with this CVE because the over-read executes inside g_base64_encode_step.
  • An out-of-bounds read only faults when it runs into an unmapped page; a successful over-read leaves no crash, so an absence of crashes is not evidence that nothing was exploited.

Network Indicators:

  • Image uploads from unexpected sources or in unexpected volume, or JPEG files arriving where the service does not expect images at all.

SIEM Query:

gdk-pixbuf is a library, not a process, so a query on 'process.name:gdk-pixbuf' will never match. Search crash records for the faulting mapping instead, e.g. over kernel/journal logs: 'message:"segfault at" AND message:(libgdk_pixbuf OR libglib OR libjpeg)', then group by process name to see which applications are crashing on image decode.
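A host-side version of that search, as an added example that is not part of the advisory or of either project. It filters kernel segfault messages by the library that contained the faulting instruction, which the kernel prints after "in" on each 'segfault at' line, and reports the crashing process and library. The log lines are constructed for the demonstration; the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory or of either project: triage kernel
# segfault messages for crashes whose faulting instruction sits inside
# gdk-pixbuf, glib or the JPEG loader. The kernel names the mapping containing
# the faulting IP in its "segfault at" line, which makes a cheap first filter
# before pulling core dumps. The log lines below are constructed for the demo.

# segfault_hits [FILE...]: read kernel log lines (journalctl -k, dmesg -T or
# /var/log/messages) and print "process library" for each segfault whose
# faulting IP was in libgdk_pixbuf, libglib, libjpeg or the JPEG pixbuf loader.
segfault_hits() {
    awk '
        /segfault at .* in (libgdk_pixbuf|libglib|libjpeg|libpixbufloader-jpeg)[^ ]*\[/ {
            proc = ""; lib = ""
            for (i = 1; i <= NF; i++) {
                # the token before "segfault" is "name[pid]:" in every log format
                if ($i == "segfault") { proc = $(i - 1); sub(/\[.*$/, "", proc) }
                # the token after "in" is "libname.so.N[base+size]"
                if ($i == "in")       { lib  = $(i + 1); sub(/\[.*$/, "", lib) }
            }
            print proc, lib
        }' "$@"
}

# Constructed sample: two crashes inside the affected libraries, one unrelated
# systemd line, and one crash in a different library that must be ignored.
SAMPLE_LOG='Jul 15 10:00:01 ws1 kernel: eog[2311]: segfault at 7f3a1c2d0000 ip 00007f3a2b0c4e10 sp 00007ffd9c1e3f40 error 4 in libglib-2.0.so.0.6800.4[7f3a2b080000+9a000]
Jul 15 10:00:02 ws1 systemd[1]: Started Session 4 of User alice.
Jul 15 10:02:17 ws1 kernel: gnome-shell[1887]: segfault at 0 ip 00007f0a5e2b1c33 sp 00007ffe0a0b1d20 error 4 in libgdk_pixbuf-2.0.so.0.4200.6[7f0a5e2a0000+2f000]
Jul 15 10:03:40 ws1 kernel: firefox[3020]: segfault at 10 ip 00005599d1a2b3c4 sp 00007ffc1122ab00 error 6 in libxul.so[5599cf000000+7a00000]'

# demo_hits: run the filter over the constructed sample (no log access needed).
demo_hits() {
    printf '%s\n' "$SAMPLE_LOG" | segfault_hits
}

# When executed directly as segfault_triage.sh, show the sample result.
# On a live host: . ./segfault_triage.sh; journalctl -k --since -7d | segfault_hits
case "${0##*/}" in segfault_triage.sh) demo_hits ;; esac
```

On the sample this reports the eog crash in libglib and the gnome-shell crash in libgdk_pixbuf and ignores the libxul one. Treat a hit as a lead, not a verdict: a crash in these libraries has many benign causes, and the converse also fails, since an over-read that stays inside mapped memory never faults and never appears here.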
