Home > Vulnerability Database > CVE-2025-6199

Mend.io Vulnerability Database

CVE-2025-6199

Date: June 17, 2025

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Severity Score

3.3

Related Resources (5)

Url: https://security-tracker.debian.org/tracker/CVE-2025-6199

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6199

Url: https://access.redhat.com/security/cve/CVE-2025-6199

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2373147

Url: https://www.mend.io/vulnerability-database/CVE-2025-6199

Severity Score

3.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6199

Date: June 17, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?