UBUNTU-CVE-2025-6199
- Source
- https://ubuntu.com/security/CVE-2025-6199
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6199.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-6199
- Upstream
- Downstream
- Related
- Published
- 2025-06-17T15:15:00Z
- Modified
- 2026-02-04T02:41:54.985586Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
- References
-
- https://ubuntu.com/security/CVE-2025-6199
- https://www.cve.org/CVERecord?id=CVE-2025-6199
- https://bugzilla.redhat.com/show_bug.cgi?id=2373147
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/191
- https://access.redhat.com/security/cve/CVE-2025-6199
- https://ubuntu.com/security/notices/USN-7662-1
Affected packages
Ubuntu:22.04:LTS
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.8+dfsg-1ubuntu0.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.8+dfsg-1ubuntu0.4
Affected versions
2.*
2.42.6+dfsg-1build2
2.42.6+dfsg-1build3
2.42.6+dfsg-2ubuntu2
2.42.6+dfsg-2ubuntu3
2.42.8+dfsg-1
2.42.8+dfsg-1ubuntu0.1
2.42.8+dfsg-1ubuntu0.2
2.42.8+dfsg-1ubuntu0.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.8+dfsg-1ubuntu0.4",
"binary_name": "libgdk-pixbuf2.0-common"
}
],
"availability": "No subscription required"
}Ubuntu:24.04:LTS
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.10+dfsg-3ubuntu3.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.10+dfsg-3ubuntu3.2
Affected versions
2.*
2.42.10+dfsg-1build1
2.42.10+dfsg-3
2.42.10+dfsg-3ubuntu1
2.42.10+dfsg-3ubuntu2
2.42.10+dfsg-3ubuntu3
2.42.10+dfsg-3ubuntu3.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.10+dfsg-3ubuntu3.2",
"binary_name": "libgdk-pixbuf2.0-common"
}
],
"availability": "No subscription required"
}Ubuntu:25.10
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.42.12+dfsg-4build1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.42.12+dfsg-4build1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "gdk-pixbuf-tests"
},
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "libgdk-pixbuf-2.0-0"
},
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "libgdk-pixbuf-2.0-dev"
},
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.42.12+dfsg-4build1",
"binary_name": "libgdk-pixbuf2.0-common"
}
],
"availability": "No subscription required"
}Ubuntu:Pro:16.04:LTS
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.32.2-1ubuntu1.6+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.2-1ubuntu1.6+esm2
Affected versions
2.*
2.32.1-1
2.32.2-1
2.32.2-1ubuntu1
2.32.2-1ubuntu1.2
2.32.2-1ubuntu1.3
2.32.2-1ubuntu1.4
2.32.2-1ubuntu1.5
2.32.2-1ubuntu1.6
2.32.2-1ubuntu1.6+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.32.2-1ubuntu1.6+esm2",
"binary_name": "libgdk-pixbuf2.0-dev"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:18.04:LTS
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.36.11-2ubuntu0.1~esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.11-2ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.36.11-2ubuntu0.1~esm2",
"binary_name": "libgdk-pixbuf2.0-dev"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:20.04:LTS
gdk-pixbuf
Package
- Name
- gdk-pixbuf
- Purl
- pkg:deb/ubuntu/gdk-pixbuf@2.40.0+dfsg-3ubuntu0.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.40.0+dfsg-3ubuntu0.5+esm1
Affected versions
2.*
2.40.0+dfsg-1build1
2.40.0+dfsg-1ubuntu1
2.40.0+dfsg-2
2.40.0+dfsg-3
2.40.0+dfsg-3ubuntu0.1
2.40.0+dfsg-3ubuntu0.2
2.40.0+dfsg-3ubuntu0.3
2.40.0+dfsg-3ubuntu0.4
2.40.0+dfsg-3ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "gir1.2-gdkpixbuf-2.0"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-0"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-bin"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-common"
},
{
"binary_version": "2.40.0+dfsg-3ubuntu0.5+esm1",
"binary_name": "libgdk-pixbuf2.0-dev"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}