AZL-64077 CVE-2025-6199 affecting package gdk-pixbuf2 for versions less than 2.40.0-8

🗓️ 17 Jun 2025 15:15:54Reported by GoogleType

osv

osv🔗 osv.dev

A flaw in the GdkPixbuf GIF Lzw decoder outputs the full buffer for an invalid symbol, leaking memory.

Reporter	Title	Published	Views	Family All 98
Tenable Nessus	Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2025-1120)	4 Aug 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2026-1553)	13 Apr 202600:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: gdk-pixbuf2 (CVE-2025-6199)	16 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-4225 : gdk-pixbuf-tests - security update	23 Jun 202500:00	–	nessus
Tenable Nessus	Debian dsa-5946 : gdk-pixbuf-tests - security update	22 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2025-2191)	11 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2025-2223)	11 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : gdk-pixbuf2 (EulerOS-SA-2025-2255)	24 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : gdk-pixbuf2 (EulerOS-SA-2025-2287)	24 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2025-2322)	12 Nov 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-6199

21 Apr 2026 04:32Current

6Medium risk

Vulners AI Score6

CVSS 3.13.3

EPSS0.00102

SSVC

GdkPixbuf Gif parser Lzw decoder Memory leak