View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-7345 severity important: SUSE including 354 source package names (2.2.1-5.5:gpg2-2.4.4-slfo.1.1_5.1, 2.2.1-7.2:gpg2-2.4.4-slfo.1.1_5.1, …), 1441 product×package rows across 219 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (219 product lines)): Known Not Affected 630, Fixed 573, Known Affected 231, First Fixed 7.
A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.