|
|
Log in / Subscribe / Register

Debian alert DLA-4344-1 (gdk-pixbuf)



From:
              Carlos Henrique Lima Melara <charles@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4344-1] gdk-pixbuf security update


Date:
              Thu, 23 Oct 2025 01:23:50 -0300


Message-ID:
              <oqln5w6w2c2x4gmww7jrizhtmanbno7ahlcnj5rqabxuzdxdrg@fht4aqttwdcx>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4344-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/          Carlos Henrique Lima Melara
October 22, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gdk-pixbuf
Version        : 2.42.2+dfsg-1+deb11u4
CVE ID         : CVE-2025-7345
Debian Bug     : 1109262

A vulnerability was found in gdk-pixbuf, a library used by many GTK
applications to load graphical assets. When processing maliciously
crafted JPEG images, a heap buffer overflow can occur during Base64
encoding.

For Debian 11 bullseye, this problem has been fixed in version
2.42.2+dfsg-1+deb11u4.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEECgzx8d8+AINglLHJt4M9ggJ8mQsFAmj5rdIACgkQt4M9ggJ8
mQsr1hAAjKB4g1g+jOby5mWMEYQmRhIogP8Jz+VJfDtMbA+Q5vox2YL1C96KTtsM
Fr7mKS1QFjSGfaDQtS/K5DZXlZ1R8UqAxx2iX+qse21QHxrFgHRfUWzP82Vhe/Qd
hKZq1A27Aw584ZDJ7GNca0oDQvv5yBoEGlR8+I/GOvWBQed6n4Le1Bszbgs0Rho+
Rte8U7vsk0yNMtqQQF0VE6lE8XKlY2DfDYLhvV88Vfiex4mzfCYe4oFu7xNRqX6w
+PRplPi0GiyR7qQDDX4CSPlhhF2eHACHMZUkudAO8rBFxSIRBsJ/vKUiRZyQl6W8
Yi8w3MDRMajMEOtsA3QYHOMalqrtuXxriAEQegxeDu9OCDcp+SYoJw8XWzZqYvZ6
mXrqT7tbCp/QmZ7MAtL6ZRtY9pV3zsQBn34R4PNT2iYkdYfNGI8MK+Nm8PNEAmvT
mbDzUdT1DmRwcqic3j1fT8wZGggLxRrJ6W5oGDpkT3t7j8qrS8WEAr3oZWq9zYhM
SZ+C4BbR47rBXPgiV5jSM4HJ2l2N0hnUY4wr/CIJ8sJiQMhhz81Q/xqea48f0s2m
bISv7A8YUUjnffFebV/pXC8XUaWoDGprCbPoDVtbkjHsBKUFXJwo3wLYeIND6Nue
QBkEbrGvQbj56g38Stju37LixsTFFAcXaakft6IBj5QiaqSqlg8=
=3dPS
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds