CVE-2025-6196

Source
https://cve.org/CVERecord?id=CVE-2025-6196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6196
Downstream
Related
Published
2025-06-17T14:29:42.228Z
Modified
2026-07-08T08:01:51.646798672Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Libgepub: integer overflow in libgepub's epub archive handling
Details

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6196.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / gitlab.gnome.org/gnome/libgepub

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/gnome/libgepub
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.7.2"
        }
    ]
}

Affected versions

0.*
0.3
0.4
0.5.0
0.5.1
0.5.2
0.5.3
0.6
0.6.0
0.7.0
0.7.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6196.json"