suse · CVE-2025-7345

Quick triage

Priority: high Published: 2025-07-12 06:55:20 UTC Updated: 2026-04-17 13:57:50 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-7345 severity important: SUSE including 354 source package names (2.2.1-5.5:gpg2-2.4.4-slfo.1.1_5.1, 2.2.1-7.2:gpg2-2.4.4-slfo.1.1_5.1, …), 1441 product×package rows across 219 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (219 product lines)): Known Not Affected 630, Fixed 573, Known Affected 231, First Fixed 7.

Description:

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

cvelogic Threat Intelligence